m.healthyhairremedy.com/?tid=1022de546b275ba18331241f2da3d6
172.67.165.138301 Moved Permanently 0 B URL HTTP/1.1 m.healthyhairremedy.com/?tid=1022de546b275ba18331241f2da3d6
IP 172.67.165.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /?tid=1022de546b275ba18331241f2da3d6 HTTP/1.1
Host: m.healthyhairremedy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 02:56:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 03:56:45 GMT
Location: https://m.healthyhairremedy.com/?tid=1022de546b275ba18331241f2da3d6
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXwaQXjEvAFu0HpRsxquGEkGcYPjqAJ6zJRQQQyWnTewjBuDDeI6uXGHHIbvnZku%2FW8SP%2FGQpIyMnPN1ubLBR0GrG%2FBO6WKncYW1m2Nh5ehZnm1mCATlNaPxdKYEIUNDnQXGKxEGCp%2BDMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77623aca8c870afa-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7005
Expires: Thu, 08 Dec 2022 04:53:30 GMT
Date: Thu, 08 Dec 2022 02:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7592
Expires: Thu, 08 Dec 2022 05:03:17 GMT
Date: Thu, 08 Dec 2022 02:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2699
Expires: Thu, 08 Dec 2022 03:41:44 GMT
Date: Thu, 08 Dec 2022 02:56:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 02:08:07 GMT
content-type: application/json
age: 2918
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZnpbIAQxZlV/R3kP+hxuLbFzbDX9fur+VSpEo4r2HN/G26rh0lQhd8KqE8zpqMgLZzfSK7bG4LE=
x-amz-request-id: 84FF7QMMVD8NZHVT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 02:47:45 GMT
age: 540
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 02:56:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2156d3e9fa2a56ad65314811efe6d607
04ea45189d29cdd63e890ac22f51b01ff7ea355d
674c0fb204287203411af9f26ace7f2e1d04a5da9573a3260321fcaec3917da2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:45 GMT
Server: ECS (amb/6BA6)
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 02:07:58 GMT
age: 2927
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2156d3e9fa2a56ad65314811efe6d607
04ea45189d29cdd63e890ac22f51b01ff7ea355d
674c0fb204287203411af9f26ace7f2e1d04a5da9573a3260321fcaec3917da2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Last-Modified: Thu, 08 Dec 2022 02:56:45 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6267
Cache-Control: max-age=114871
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:51:17 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash da956e057260390fdb0f031611642013
9a6e98aab555fffbb13725ed243d0710de42946f
bde9720713f98ab261e1c89c5981a26ae8120ba67a48d7e0c7214ebeca9529c8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4485
Cache-Control: max-age=171444
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Etag: "63913b9d-1d7"
Expires: Sat, 10 Dec 2022 02:34:10 GMT
Last-Modified: Thu, 08 Dec 2022 01:19:25 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
www.paypalobjects.com/en_US/i/scr/pixel.gif
192.229.221.25200 OK 43 B URL HTTP/2 www.paypalobjects.com/en_US/i/scr/pixel.gif
IP 192.229.221.25:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /en_US/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Thu, 08 Dec 2022 02:56:46 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637be-2b"
expires: Thu, 08 Dec 2022 03:56:46 GMT
last-modified: Fri, 16 Aug 2019 04:57:34 GMT
paypal-debug-id: 81b5359302d60
server: ECAcc (ska/F6E2)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
x-content-type-options: nosniff
content-length: 43
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 6ec5f6261a8262e9f94b29627f54cefe
7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 12:45:16 GMT
expires: Wed, 06 Dec 2023 12:45:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 137490
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.1.35101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.1.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9hOIgXPgQee9iE/WY6v4kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: s0zoVYljcg98CI0FsOq3QUmwGnU=
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-N3HNC48
142.250.74.168200 OK 99 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N3HNC48
IP 142.250.74.168:0
File type ASCII text, with very long lines (38953)
Hash 50c72188085f3d37b0c58665b2e9d55f
19f6c022b1600e5e1567593a681b968176775caa
8ba51f4de91404f984cae5a5126cb7f71fea97d95b65e36111407f6f2274d084
GET /gtm.js?id=GTM-N3HNC48 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 02:56:46 GMT
expires: Thu, 08 Dec 2022 02:56:46 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 99379
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 5ed975be717b34860ee8c2fe2a3fb4b5
1957c8dcb9393bff988e1a5c975b5fed5b2872e8
b299d249045e1148542ffbb7a569219eec4cee7b63b5cd04b2cafd8aeac73d62
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Etag: "6390d357-117"
Server: ECS (amb/6BA6)
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 935 B IP 93.184.220.29:0
File type gzip compressed data, from Unix\012- data
Hash 95d5ffb7307452b504c406c0ec0a2051
d0ccc776816f7601fb3992dc0a6a7341b156137a
9d944613ca95b4919c1cfac3e94f21518ee44cea59b323375c7b498969bbd2ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Server: ECS (amb/6BA7)
Content-Length: 280
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5358
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:56:46 GMT
Connection: keep-alive
d39ldsmboekjvi.cloudfront.net/js/no_right_click_protection.js
143.204.42.114200 OK 2.9 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/js/no_right_click_protection.js
IP 143.204.42.114:0
Hash 7156d8bc10413c85ad23d80bcfc07ff3
7578a9cecf2f172e27dc8f5b8178b1c73fb0539a
70e36bd4d1ccbfec417dfcfebc2a81192ae39e747b6c241f5c1348866ac0bc0f
GET /js/no_right_click_protection.js HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 12:24:57 GMT
x-amz-version-id: cmSmmvuDsx4yfCKtTZkvyABGalIIFNRP
server: AmazonS3
content-encoding: gzip
date: Thu, 08 Dec 2022 00:31:28 GMT
etag: W/"779b5023129218445bc90c03689bd733"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: n2ZB8FOZYqI2zLM3TMVxotEgJiiHe8QIdgXIr3eO2jGPJRq56T5Mow==
age: 17655
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5358
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:56:46 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5358
Expires: Thu, 08 Dec 2022 04:26:04 GMT
Date: Thu, 08 Dec 2022 02:56:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f5ce4070e5050733be6bded399afe53
77cf1dd30e86f5568a8e64cb42f536cf2af9301c
7fe19657e1add41e913e9a326023ff484180ca17615175ddc5d2ab57217566bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F377ab47f-a48d-4112-a562-b49a358636f1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4538
x-amzn-requestid: 143f359f-c0fd-4d32-8de5-cc2c2804bb39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIHzXoAMFqmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-27db2e3c6de7216e3c17caea;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CTvoYad2nNPubKimSZrkJXGTDWZK6u3fTli1YnBgrXk7WPAtmvO2rA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:04:30 GMT
age: 17536
etag: "77cf1dd30e86f5568a8e64cb42f536cf2af9301c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 077c8b656d9ac4ecba7aea40ecaa4e0c
84b9d58a1cf4174f1a55b1c3475a09d579094f19
abf13120589f3c11466a6b3f65874565a78b3a25b047b2089dafdae0cdf71c08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95d68d20-ce48-4bc4-a89b-d42a294520bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 623488c8-42b4-43d0-a274-f35f4e2695c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4AwH11IAMFfCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d1-1226750c2e9dbe517b1211e3;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Wvq8PJEuXz7Yf5QE2phHXPYPCLWzIR1MXWiJKyN84yHINqK6H_ZQrQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:21:33 GMT
etag: "84b9d58a1cf4174f1a55b1c3475a09d579094f19"
content-type: image/jpeg
age: 16513
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fb1ea0161d261518c99909aff49e6f58
c3b915cb579b651db25442fea0bbedd0d292c0fc
d877a21abfd883a368da0136c4e56d7f590fa9e9ea09dec3675823211fe56385
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e6c8e9d-aef1-4772-8747-82ef7e4ceeb1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6110
x-amzn-requestid: 2ebf542a-dacc-472a-81c0-0c69cb1ec143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEQAH2doAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb3ff-7173ff7941b57fa163e3cc6b;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Bo1JGLLmbH9LRrcXA4i8qVD1ilMqHxNWq1u52RhGMAdAhywK42lMPA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 01:57:38 GMT
age: 3548
etag: "c3b915cb579b651db25442fea0bbedd0d292c0fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
deals.zoomwellness.com/uikit3/js/uikit-icons.min.js
172.66.42.208200 OK 27 kB URL HTTP/2 deals.zoomwellness.com/uikit3/js/uikit-icons.min.js
IP 172.66.42.208:0
File type ASCII text, with very long lines (63910)
Hash 831eb13710c2a3a4f054591ba412ed4c
5af08111ceb028e970d64014005b9cbf47878861
35a3cc0d38a94a0d475ca23aef21df0bc109bf05405a936e4ec0a79679b4333c
GET /uikit3/js/uikit-icons.min.js HTTP/1.1
Host: deals.zoomwellness.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:46 GMT
content-type: application/javascript
last-modified: Thu, 11 Jul 2019 14:30:49 GMT
vary: Accept-Encoding,User-Agent
cache-control: max-age=14400
cf-cache-status: HIT
age: 419466
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyPxeWMT7NX7ZS98vtUClPC7T%2Fh4OshSgW4Cgz%2FDgvppen4AD3y%2BP9JIngDYZ9nJx0kWsHqOc1pBc%2FUfEfN%2BRR%2FYmsifi4ZLI%2BIT%2FjvW5emsIUnj2rQWxBdairtDpKf%2FootE16Oyemso"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77623ad34cd50af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d44d17585c9a536c8da0e75ed90d175
9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1
6d14a5b5c43b39244434560a83a2bfea6604a4d072943b6147293b7adfd1b7b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a21d707-1bf7-4b7f-a23b-7e8f38dd40c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10164
x-amzn-requestid: a0cb7259-0a07-44f5-91cd-e96b8d9c9cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cnAPOGSnoAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c472e-799b6ee425e29fb70ff7e4ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 07:07:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Q2LRCrEYVZz_KldQARUQ26O1mv0G7rMAPQXGkBzUnERF-WjtZPMJA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 10:23:11 GMT
age: 59615
etag: "9dc35d0f6b251004bc1ddc83aea9ee71c95aedd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
34.120.237.76200 OK 53 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg
IP 34.120.237.76:0
File type gzip compressed data, from Unix\012- data
Hash 81c4623b1682077fa8977a2f9de87691
30afc9d9f8d8a2a020adb3b280c18f9b5e3db002
f59be309739c02e1d8ec8f85eb01e1bcc668ee866e4b0eef88629c1041233c0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2019d3bc-b4a4-4afc-ad84-3ab33b8036ec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10861
x-amzn-requestid: ad568a35-9eba-4c6d-a09d-97e518fbf503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4gIFN4oAMFqrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391079a-434ca8281e48538e69e72e05;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:37:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4MrxT27cyrFqR70ofprhh4FbJAfVpKb787jT3TsH0l7BxQOf2tWh6g==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 21:51:32 GMT
age: 18314
etag: "2cad45ad8e56699db3457501cf1e488fe85d479a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 88634298e5731eecb7c4d629fc3d7d1d
2703862839fa1d733a8521de1f2699fcf7e26b80
ce75f9ddd940ab29c96f23c0aa23c23115a125cee69706d443527d49bd7d363f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=157208
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Etag: "63911586-118"
Expires: Fri, 09 Dec 2022 22:36:54 GMT
Last-Modified: Wed, 07 Dec 2022 22:36:54 GMT
Server: nginx
Content-Length: 280
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
142.250.74.35200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:55 GMT
expires: Tue, 05 Dec 2023 18:52:55 GMT
cache-control: public, max-age=31536000
age: 201831
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.35200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 17:14:55 GMT
expires: Wed, 06 Dec 2023 17:14:55 GMT
cache-control: public, max-age=31536000
age: 121311
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d39ldsmboekjvi.cloudfront.net/images/credit-card-icons.png
143.204.42.114200 OK 41 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/credit-card-icons.png
IP 143.204.42.114:0
File type PNG image data, 1000 x 157, 8-bit/color RGBA, non-interlaced\012- data
Hash 181466e4a7ad68649bdb69c7f05e746a
5751e3ac857fccfa96275a0696fed9dc76b477a1
ef887236c76fd7bdc9569ebcb6ef29cdc26665cf434ddbe2f53bd0a951c82e13
GET /images/credit-card-icons.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 40927
last-modified: Tue, 20 Nov 2018 17:38:17 GMT
x-amz-meta-s3b-last-modified: 20181120T173745Z
x-amz-version-id: oQuxlmnU8cmfF0JZpftczL02bDDo2VKK
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 00:31:28 GMT
etag: "181466e4a7ad68649bdb69c7f05e746a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XvlNlc3fpwInqzAZGncnLBNThfDFV6YIkU9dV27T6t1p9m5NH_fAmw==
age: 12295
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/d-f.png
143.204.42.114200 OK 9.8 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/d-f.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash f343e39e17123c807aa619b909fdf30d
62b3aa337d39e26f130a702b1190979229109911
882b1fa45cc75cfb64449064f3df638a371f299143c9945c9079f6422d202d5f
GET /images/badges/d-f.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 9832
last-modified: Fri, 10 Jun 2022 16:07:52 GMT
x-amz-version-id: cJoh1SrGbxog2W_25PAtTsADFCFVjreT
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 15:42:28 GMT
etag: "f343e39e17123c807aa619b909fdf30d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AbWvxghNBy_McpEenGxfITt5HHEeQQqjQpN6fq0Hf03NRqhChd6Meg==
age: 40460
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/gp.png
143.204.42.114200 OK 30 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/gp.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash db932faef0f9b4f17895f0242637f204
cb7584c626bd41001f112ea47322bdc124515bec
c605bbc404f97b7cd8de456819115507d89319a844ef984bb38746aba68496b2
GET /images/badges/gp.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 29634
last-modified: Wed, 01 Jun 2022 18:13:48 GMT
x-amz-version-id: msVBPyqQwbPlvdnuU3ADvRN7EfRcpVhs
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 01:00:56 GMT
etag: "db932faef0f9b4f17895f0242637f204"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 54ka6NeAb5f2V8F9lLGauIzD5-Qn4FNM5EgLDDGLpYq7DK4V-9e98g==
age: 8408
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Anton|Lato|Oswald:400,500,600,700|Lora:400,400i,700,700i|Titillium+Web:900|Wendy+One
142.250.74.106200 OK 277 kB URL HTTP/2 fonts.googleapis.com/css?family=Anton|Lato|Oswald:400,500,600,700|Lora:400,400i,700,700i|Titillium+Web:900|Wendy+One
IP 142.250.74.106:0
Size 277 kB (277271 bytes)
Hash e9e9285821b4502beca06bee0487b8b9
52ed1be2f437f7e795a2bd3695391c96a6a1845d
ce418c933f9f0e7569477954938c7b4d014b73c8726cd2495bba57a6a2546d76
GET /css?family=Anton|Lato|Oswald:400,500,600,700|Lora:400,400i,700,700i|Titillium+Web:900|Wendy+One HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d39ldsmboekjvi.cloudfront.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Dec 2022 02:56:46 GMT
date: Thu, 08 Dec 2022 02:56:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/gmp.png
143.204.42.114200 OK 39 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/gmp.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash b7da930c2b9d986c863d88d9a010e7bc
23db9ec69f72ef63b8bc647c8c491704aa999aaa
facde1ec12f6de29c591c513c31f739ca42ddc401def7431cb7f50cbef6f15bc
GET /images/badges/gmp.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 38923
last-modified: Thu, 17 Nov 2022 21:29:37 GMT
x-amz-version-id: GFxBehPBZxzSg8GJk.ZbT78FwR9BLFIZ
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 01:00:56 GMT
etag: "b7da930c2b9d986c863d88d9a010e7bc"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8I7KGNhCcJE-ZEmDiLZVuKqv3H2GlBzHEBIIBB-jl2hjkekv9fQLxw==
age: 9140
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/wii.png
143.204.42.114200 OK 11 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/wii.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 383b97625af6456a4c941de066979ff7
b995c77e0ace45c90049a6397590b26389b29cb4
6d1989b0f4a75ee0afc16f0e101e97bbaa8ce86997466900e3fb50f5565e9519
GET /images/badges/wii.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 11329
last-modified: Fri, 10 Jun 2022 16:07:58 GMT
x-amz-version-id: o81g8xRE0bhm43QfTs8_LIfBFNXqYzVT
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 06:54:11 GMT
etag: "383b97625af6456a4c941de066979ff7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vTvMYHKJ3s-28eAKKGaQUK9FunC1QGgNF67QeSiwhtXdH6A67Letbw==
age: 72157
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/ngmo.png
143.204.42.114200 OK 18 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/ngmo.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash e7b7f5606aaa08ee8c8c140ec6e1deb6
c8e40c781712ca70c7b78380218581e291b03658
fadff6c7aa1f4b3e5eb19151a5912132c0ca362fcc969371e1f4b9835080b416
GET /images/badges/ngmo.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 18151
last-modified: Wed, 01 Jun 2022 18:13:49 GMT
x-amz-version-id: 4HeBB4nlCf.pHNts4ns.xVYpPcwOaC1s
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 06:31:33 GMT
etag: "e7b7f5606aaa08ee8c8c140ec6e1deb6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _ucv-t_G1NAuqhx-v_w46xUs_x8uHK8HWiJUyOl6wx3m_XwqZMIjbQ==
age: 73515
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/bgf.png
143.204.42.114200 OK 13 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/bgf.png
IP 143.204.42.114:0
Hash 2f004774dd03c389018b0035e67226ad
8f4a7cab73987201b7536f7de450e1ca3fe2c8ac
06e95494c63bc43f0a0cabacd1d52da23994613d6de0dd6484acb57ae0ac3a38
GET /images/badges/bgf.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 10166
last-modified: Fri, 10 Jun 2022 16:07:51 GMT
x-amz-version-id: BP_Rs4AAndKeZGxQBP_YrdM4vRrvNXxd
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 04:47:29 GMT
etag: "1a339f8416769bec76ea59f8dfd8471a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -VB7sfNbzjAreDJxRk9vUgoioQ1yrscOzGmWt4DzSuBiAv4U63cRHA==
age: 79759
X-Firefox-Spdy: h2
d1d9rc24g3osu3.cloudfront.net/All_Sites_Miscellaneous_Resources/cover.png
54.230.245.192200 OK 358 B URL HTTP/1.1 d1d9rc24g3osu3.cloudfront.net/All_Sites_Miscellaneous_Resources/cover.png
IP 54.230.245.192:0
File type PNG image data, 666 x 382, 8-bit colormap, non-interlaced\012- data
Hash 13910ff750192f062b2671e818dc2865
ab8479474ccc63b8900c93ab4686b1fc23e28765
067dcab543a3b7d9e0db0550eb52e7ab79844e89f3de5143920e96c1c4fb7df6
GET /All_Sites_Miscellaneous_Resources/cover.png HTTP/1.1
Host: d1d9rc24g3osu3.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 358
Connection: keep-alive
Last-Modified: Tue, 24 Apr 2018 16:09:16 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Wed, 07 Dec 2022 03:18:07 GMT
ETag: "13910ff750192f062b2671e818dc2865"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: asAVA-9bxB_VfsimUoMKw0MEYZ_5o7wacRZuVem4-2PXboZn8U1wyw==
Age: 85121
d39ldsmboekjvi.cloudfront.net/images/badges/sf.png
143.204.42.114200 OK 19 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/sf.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash cdba5a5c9c8081173eccf3edd1065e5b
b2eeb822fdfc935af35d02938237911224a6992e
28f25590e77a2585a17ed330dae1c07855fce56fb29acf8bdd4efbf4bcf19d78
GET /images/badges/sf.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 19000
last-modified: Wed, 01 Jun 2022 18:13:50 GMT
x-amz-version-id: 6XhFonKBChxnYJwQHhXYGQ0vknIlhPth
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 07:44:33 GMT
etag: "cdba5a5c9c8081173eccf3edd1065e5b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: WdKHqmdrVw-WrtNm7vcDTQ8lf-YXaYLjABBmGH7UxM6TQAbjpEhCqg==
age: 69135
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/df.png
143.204.42.114200 OK 15 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/df.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b53eb8acf8f445447247b2e432ecaeb
e125613554a91699aab8c133331986f2b6c3e302
cad11d9b87d5ef82eef6ada674cb0cd929b6e0e825a851a501644bd60deb98ae
GET /images/badges/df.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 15014
last-modified: Wed, 01 Jun 2022 18:13:44 GMT
x-amz-version-id: 2ZeRxXaq.h2W2FnYOljIyXli7E1u_Iy0
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 06:54:11 GMT
etag: "5b53eb8acf8f445447247b2e432ecaeb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5_3Sf3E4OGOOWItSOtroJTwhGiXFK44ofn_bTBYgsRDE-NYX9BKS9A==
age: 72157
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/nf.png
143.204.42.114200 OK 15 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/nf.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 428a86ca4a94c3d724eadc3d98e672ce
40198c262ffd91eacf7b5eb3fbbb1f97ffea3da3
8ab0f11fbeb343ffe1b5e199c6b1941239f33d551f82aac838983c1b2bf32f6e
GET /images/badges/nf.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 15219
last-modified: Wed, 01 Jun 2022 18:13:48 GMT
x-amz-version-id: fZ8EbMs6OE0Iun4oDVfKqV8w_AM2Epwd
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 00:31:28 GMT
etag: "428a86ca4a94c3d724eadc3d98e672ce"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: I-7ctVjLk_DCVsDoC4dot9em1Htb2xfgdcjM36n29axupr-WjBYEDw==
age: 17111
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/badges/cf.png
143.204.42.114200 OK 26 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/cf.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 7c5748cdfeb6bb7e40daeea7e7552316
e00a55b67885b974da413cc5de4cd02ed45d5fc3
b719676b2cc2533311552d341001487a87926dc37d5172deb649feae2e268dbc
GET /images/badges/cf.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 25482
last-modified: Wed, 01 Jun 2022 18:19:19 GMT
x-amz-version-id: 8YACreWI.8NTmZh21cfHnjSbIWqmhAO0
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 05:28:46 GMT
etag: "7c5748cdfeb6bb7e40daeea7e7552316"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DyRIJD3p3YyX8i1PJ2OjtUgsG7_p4G0K-6QpHkbtO4dua5mTXn-Npw==
age: 77282
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5713
Cache-Control: max-age=93415
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:53:42 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
d39ldsmboekjvi.cloudfront.net/images/badges/ef.png
143.204.42.114200 OK 19 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/ef.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash e1c9a64811b4fddcc2bf795f96191e22
21d761ca6eda27c107c6273f113be080769d6cb3
0416762a5050872c5e86a140ca3d6520a2c0f7f791f23bb26e0751e7446d9d62
GET /images/badges/ef.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 19276
last-modified: Wed, 01 Jun 2022 18:13:45 GMT
x-amz-version-id: 5r.Nxfj0rQ09ps.mZhfhBmV9d2_JwDGH
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 02:55:22 GMT
etag: "e1c9a64811b4fddcc2bf795f96191e22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: L8nn8vcHrgVKDwr-rRgMn86nfhzXHqk5GVyCzfS6gFVSNi9ss2jbwQ==
age: 2903
X-Firefox-Spdy: h2
amplify.outbrain.com/cp/obtp.js
2.18.173.74200 OK 5.3 kB URL HTTP/1.1 amplify.outbrain.com/cp/obtp.js
IP 2.18.173.74:0
File type ASCII text, with very long lines (16574), with no line terminators
Hash 5cdda5ed80a4ee13f700ae502f7cd4ec
0e6aa932abf3c56561a686aa3e8d069aaa3ca228
d54fc3e1792330cc768902f861f0a79ecffbfd23b8db14f354e8fcefd1c831c1
GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "fe80c55f1e1387116ff9765261ed192c:1669645506.686439"
Last-Modified: Mon, 28 Nov 2022 14:22:05 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Length: 5269
Connection: keep-alive
d39ldsmboekjvi.cloudfront.net/images/badges/bpa.png
143.204.42.114200 OK 22 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/badges/bpa.png
IP 143.204.42.114:0
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b03d03de1fe40ad35a499ebb04bde80
1a3955e79982e828fdd3223261e462498061c214
3ef33394d38388702b5243ee6283bb8926f60f8a05ce5c8e4425360103a1dfe3
GET /images/badges/bpa.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 21977
last-modified: Wed, 01 Jun 2022 18:13:42 GMT
x-amz-version-id: 0azimArKYcCNV_S3nSzrlv1t8z9P2L9L
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 06:54:11 GMT
etag: "5b03d03de1fe40ad35a499ebb04bde80"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AygXU5b6NG2D2Ks7oMNqcbr3aQzOMsKmYRVj3A9ZWp-CWP97QpTmvg==
age: 72157
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/logo_vitamin_angels.png
143.204.42.114200 OK 13 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/logo_vitamin_angels.png
IP 143.204.42.114:0
File type PNG image data, 519 x 518, 8-bit/color RGBA, non-interlaced\012- data
Hash 267abba3ee756561fc089a385784366c
9d442cd197817822f6589474492188a600abf978
8b4394abaeaee8b62be442b567fd9cf0759d17af0a90353962fe9e50c72daf51
GET /images/logo_vitamin_angels.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 12686
last-modified: Tue, 03 Mar 2020 18:35:37 GMT
x-amz-version-id: OuKUrtD6HwXd0PmjkmylxPJLJBcyapi.
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 03:39:51 GMT
etag: "267abba3ee756561fc089a385784366c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dljqYtqgaPWDZW6LhHK1zk5C2KnmBrgOqDcp3kx4NNFtAHO322CBOw==
age: 83817
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/vitamin-angels-vsl-lfsl.jpg
143.204.42.114200 OK 368 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/vitamin-angels-vsl-lfsl.jpg
IP 143.204.42.114:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 600x600, components 3\012- data
Size 368 kB (367952 bytes)
Hash 0d6852179e829463aa3d4f0f118e5f53
7b0098a4bd87c3c1067eddff5218ac815b933219
d28c0dd1d6d509daf8e3333f4ae83e732d9a95ee1986bed993cbed2a18e370cd
GET /images/vitamin-angels-vsl-lfsl.jpg HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 367952
last-modified: Wed, 04 Mar 2020 18:14:10 GMT
x-amz-version-id: oc2xwqc8xIVaaxoh4kVHs4xY1OdBLDGp
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 05:15:43 GMT
etag: "0d6852179e829463aa3d4f0f118e5f53"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 13JJ8W0USe-j0BNNGV_bRPKTJJIYyyNUw58nnGvPheo_H6dUdl2Q2Q==
age: 78065
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/unip/1270828/tfa.js
151.101.1.44200 OK 18 kB URL HTTP/2 cdn.taboola.com/libtrc/unip/1270828/tfa.js
IP 151.101.1.44:0
File type ASCII text, with very long lines (58962)
Hash 09b286ef32eaee2dfc8a97551f592a86
1462ed1d4887caaba395972c546e9d2a4733d257
bffde9306a289717d845b4a922745823c85a316c8d1070ab9ca17f07d662c870
GET /libtrc/unip/1270828/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wOL/Jr9nS2BA7bnw9hX9iHGMrfSIkyGwqOFaNxRclPTSKpiawkCwW9HYkNyP9mck0heVkOrJSrc=
x-amz-request-id: QMWT7GYYHQZG6A2K
x-amz-replication-status: COMPLETED
last-modified: Tue, 06 Dec 2022 13:05:34 GMT
etag: "c7aaf0ab8dce43306d108f41f7e6c122"
x-amz-version-id: gzGlrDy6wiGyz6q9cuuzy4v2_tTnZEYh
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Dec 2022 02:56:47 GMT
via: 1.1 varnish
age: 84
x-served-by: cache-bma1648-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670468207.172435,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 80
content-length: 18119
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d39ldsmboekjvi.cloudfront.net/images/favicon.png
143.204.42.114200 OK 4.7 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/favicon.png
IP 143.204.42.114:0
File type PNG image data, 512 x 512, 8-bit colormap, non-interlaced\012- data
Hash 0ab1f879b41d8b6d06e9501c93ff5384
5a138a6cddefbfcb9c7a7dcd1e6d1a65933b3732
ed63764e0e7ad6ce136d6a42eb45061ea119225620b3bbe74e3ff531fe7672b0
GET /images/favicon.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4650
last-modified: Mon, 18 Mar 2019 17:53:36 GMT
x-amz-version-id: OMawaqXsfXN5qFt1g7WYqGHKV0D8edsA
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Dec 2022 05:37:51 GMT
etag: "0ab1f879b41d8b6d06e9501c93ff5384"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XmIHjvKUB0CC2wbUCzXTzu4cVRL49cj7zhWHFzpxjHHHYKiDrj_Zsg==
age: 76737
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/testimonials_real_people_real_results.png
143.204.42.114200 OK 90 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/testimonials_real_people_real_results.png
IP 143.204.42.114:0
File type PNG image data, 774 x 70, 8-bit/color RGB, non-interlaced\012- data
Hash 56b78c68a45c2bd964a2e2df7bfaa493
024d51e8160b4bdebf7467ccd353d0bab1aafa72
b6aff7810136271105ab2c807f1e6d624a49904dee9206c41ad07ae5c5fe4f44
GET /images/testimonials_real_people_real_results.png HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 89998
last-modified: Mon, 03 May 2021 16:15:52 GMT
x-amz-version-id: Svrofxew.CxAJZiIXYwYP0EvIWvxTEWX
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 02:55:22 GMT
etag: "56b78c68a45c2bd964a2e2df7bfaa493"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Pu1DjIBG-vAng8z33O0N58e80kcgUrV4mojpNwdst_6ceEM9BlIk3Q==
age: 6524
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: qJfOO3I6HVbZpeEbynfWLQuewqGCe/fZUrGrHElHzmqna7g0YCJQ+RNVVsR+hqwTntI0hT+po2zcHX+uLAr4lQ==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1904183273
date: Thu, 08 Dec 2022 02:56:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 12 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash b77f77f4f821a11c0a501be8d6a19659
7bba3d65db27d7c0e050bbf2294021433221de5d
e80b6b1a2f792de4681310088abf8d9172a81ee10a54965c8eb602fae2d92319
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11472
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=2C23ECC1892867D604B8FEB5887F665A; domain=.bing.com; expires=Tue, 02-Jan-2024 02:56:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 803A1A2FB67C435A812F53FD45F36E14 Ref B: OSL30EDGE0309 Ref C: 2022-12-08T02:56:47Z
date: Thu, 08 Dec 2022 02:56:46 GMT
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 08 Dec 2022 02:46:55 GMT
expires: Thu, 08 Dec 2022 04:46:55 GMT
cache-control: public, max-age=7200
age: 592
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Last-Modified: Thu, 08 Dec 2022 01:25:19 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 505738c055c9280767cc46abf5fedef0
19d722fc6e9a6a6b2b50e94d0bef1a89d688fc9d
09a8beea9928bdc8cfe458961001aecff3da82981895fe95e6c509d3c3eb7d64
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 02:56:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 20:42:57 GMT
Expires: Thu, 08 Dec 2022 20:42:57 GMT
ETag: "19d722fc6e9a6a6b2b50e94d0bef1a89d688fc9d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
d39ldsmboekjvi.cloudfront.net/images/verified-buyer.svg
143.204.42.114200 OK 55 kB URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/verified-buyer.svg
IP 143.204.42.114:0
Hash 2bc8450d553682b4d841f5849693bcd7
6741b48e4ee3a37e50393c5088f0e857cac6cade
8eeadd8ec0cc28219a21caf6f2269cd9500b09adc4ba403348b1162ec9fe4051
GET /images/verified-buyer.svg HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 15 Apr 2021 17:56:43 GMT
x-amz-version-id: p_xHlXAtcWZ3rqhR0u8jpfTwEazkXjVf
server: AmazonS3
content-encoding: gzip
date: Wed, 07 Dec 2022 04:59:58 GMT
etag: W/"e77287b71241ba8e06b56ed233bbc0cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: y6vn9IOa77SziRQXILMHlev_RbC-HYsoaTTh3tfk7eKkCfAvjaCDpg==
age: 79010
X-Firefox-Spdy: h2
script.hotjar.com/modules.bc0a4c72d88d266f15af.js
143.204.55.96200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.bc0a4c72d88d266f15af.js
IP 143.204.55.96:0
File type Unicode text, UTF-8 text, with very long lines (48638)
Hash 2375e31c5dc0ca09d740bee5c1486c2b
d68ad5ffd79e99af40377945f2f41db8b6f00ad0
2197593e6c85391abbb9c0cba866862dc84bad91aedbe5d90d374e413504f5cb
GET /modules.bc0a4c72d88d266f15af.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 68590
date: Wed, 07 Dec 2022 14:35:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "2375e31c5dc0ca09d740bee5c1486c2b"
last-modified: Wed, 07 Dec 2022 14:34:24 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UzgKTVYK8wEWbELNO-0aNfAwiB6kt-IBXG1sCfThJ3MG4vLn5xzkkw==
age: 44501
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 391082b1c464964939852e09b07266f3
9c895dbeb1ea275054dfb440ad03ca9cc86adf8a
47547f995dbacb38330c70a127f2eaf08dc1a5ccb8e8fb331c3187823dc75fab
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 10:39:18 GMT
Expires: Wed, 14 Dec 2022 10:39:17 GMT
Etag: "9c895dbeb1ea275054dfb440ad03ca9cc86adf8a"
Cache-Control: max-age=545549,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77623ad72b4bb509-OSL
ocsp.starfieldtech.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 505738c055c9280767cc46abf5fedef0
19d722fc6e9a6a6b2b50e94d0bef1a89d688fc9d
09a8beea9928bdc8cfe458961001aecff3da82981895fe95e6c509d3c3eb7d64
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Dec 2022 20:42:57 GMT
Expires: Thu, 08 Dec 2022 20:42:57 GMT
ETag: "19d722fc6e9a6a6b2b50e94d0bef1a89d688fc9d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
dev.visualwebsiteoptimizer.com/7.0/va-89005e590c0ebf15682032cbfc0ab566.js
34.96.102.137200 OK 66 kB URL HTTP/2 dev.visualwebsiteoptimizer.com/7.0/va-89005e590c0ebf15682032cbfc0ab566.js
IP 34.96.102.137:0
File type ASCII text, with very long lines (62897)
Hash d4b56c09a77b4bd8656ae7bc8b9007e7
21178e6d27149c391799b9c2154cd930f00b1870
61688a5b3230493ed3cc6357f3b4404c547cdcefa5f37f422d7ba758a8ed96b2
GET /7.0/va-89005e590c0ebf15682032cbfc0ab566.js HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:46 GMT
content-type: text/javascript; charset=UTF-8
content-length: 65767
last-modified: Wed, 07 Dec 2022 13:13:22 GMT
content-encoding: br
etag: "63909172-100e7"
server: gams1
vary: Accept-Encoding
cache-control: public, max-age=604800
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pro.ip-api.com/json/?fields=status,message,countryCode,regionName&key=5vWn1Ta5eS1fVrD
51.77.64.70200 OK 66 B URL HTTP/1.1 pro.ip-api.com/json/?fields=status,message,countryCode,regionName&key=5vWn1Ta5eS1fVrD
IP 51.77.64.70:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 187b25317d9dc668ae1b3791df28e465
bfa44d2b55fcf75ef4bd88559fda297ee45e2312
0b6cd5b7c92567d4117e8eaac50933cc01ffdfeaf20457fa89623c653fe8c132
GET /json/?fields=status,message,countryCode,regionName&key=5vWn1Ta5eS1fVrD HTTP/1.1
Host: pro.ip-api.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Length: 66
www.youtube.com/iframe_api
142.250.74.46200 OK 558 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.46:0
File type ASCII text, with very long lines (509)
Hash c7ccca6678c7279458693bb9d463947a
bae6dc1e84b5339d6b603d78c5789d6b267bee4f
015989b2f1776f82690e9791aa30c0d3b5fa392ee8e5c701c14c86278a859043
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 08 Dec 2022 02:56:47 GMT
date: Thu, 08 Dec 2022 02:56:47 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=6NcJCEUzzbM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Y6UgtmEfhF8; Domain=.youtube.com; Expires=Tue, 06-Jun-2023 02:56:47 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+933; expires=Sat, 07-Dec-2024 02:56:47 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 463bcaef421199f7ea4216405d409f3a
51a32bdb4a049502cc7154910c257acc5b748292
66560b89ac85ab969d7e5b602f460b18f44de66574668faed3da61dcbd12858c
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6284
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Last-Modified: Thu, 08 Dec 2022 01:12:03 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 463bcaef421199f7ea4216405d409f3a
51a32bdb4a049502cc7154910c257acc5b748292
66560b89ac85ab969d7e5b602f460b18f44de66574668faed3da61dcbd12858c
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6274
Cache-Control: max-age=158463
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Etag: "639101ec-1d7"
Expires: Fri, 09 Dec 2022 22:57:50 GMT
Last-Modified: Wed, 07 Dec 2022 21:13:16 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 536924
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 555364
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.outbrain.com/cachedClickId?marketerId=006a8dc9da81ab08022e55b61fb875da32
64.202.112.255200 OK 56 B URL HTTP/1.1 tr.outbrain.com/cachedClickId?marketerId=006a8dc9da81ab08022e55b61fb875da32
IP 64.202.112.255:0
File type ASCII text, with no line terminators
Hash 77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
GET /cachedClickId?marketerId=006a8dc9da81ab08022e55b61fb875da32 HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: c590d55759587cf657a90b0421e3fce3
content-encoding: gzip
tr.outbrain.com/unifiedPixel?marketerId=006a8dc9da81ab08022e55b61fb875da32&apiObjVersion=1.1&obtpVersion=2.0.5&name=PAGE_VIEW&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&optOut=false&bust=010836746774384365&referrer=
64.202.112.255200 OK 60 B URL HTTP/1.1 tr.outbrain.com/unifiedPixel?marketerId=006a8dc9da81ab08022e55b61fb875da32&apiObjVersion=1.1&obtpVersion=2.0.5&name=PAGE_VIEW&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&optOut=false&bust=010836746774384365&referrer=
IP 64.202.112.255:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb
GET /unifiedPixel?marketerId=006a8dc9da81ab08022e55b61fb875da32&apiObjVersion=1.1&obtpVersion=2.0.5&name=PAGE_VIEW&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&optOut=false&bust=010836746774384365&referrer= HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 02:56:47 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: 505eb9c0e73ccd8fb72a1166b6f8a07a
content-encoding: gzip
bat.bing.com/action/0?ti=56323860&tm=gtm002&Ver=2&mid=de4015f7-2f02-4380-9dc9-bde54908d900&sid=f4801e3076a311ed9a5329d42b6067cc&vid=f4803f3076a311ed9dbea93233215cae&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Hair%20Revital%20X%20-%20Official%20Website&p=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&r=<=1793&evt=pageLoad&sv=1&rn=276742
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=56323860&tm=gtm002&Ver=2&mid=de4015f7-2f02-4380-9dc9-bde54908d900&sid=f4801e3076a311ed9a5329d42b6067cc&vid=f4803f3076a311ed9dbea93233215cae&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Hair%20Revital%20X%20-%20Official%20Website&p=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&r=<=1793&evt=pageLoad&sv=1&rn=276742
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=56323860&tm=gtm002&Ver=2&mid=de4015f7-2f02-4380-9dc9-bde54908d900&sid=f4801e3076a311ed9a5329d42b6067cc&vid=f4803f3076a311ed9dbea93233215cae&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Hair%20Revital%20X%20-%20Official%20Website&p=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&r=<=1793&evt=pageLoad&sv=1&rn=276742 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=025DEF9F5A5D6195325AFDEB5B0A6025; domain=.bing.com; expires=Tue, 02-Jan-2024 02:56:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A642729258944DB99C44B816EC1C95D Ref B: OSL30EDGE0309 Ref C: 2022-12-08T02:56:47Z
date: Thu, 08 Dec 2022 02:56:47 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2933385093392789&ev=PageView&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&rl=&if=false&ts=1670468207234&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670468207233.1540230663&it=1670468206773&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2933385093392789&ev=PageView&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&rl=&if=false&ts=1670468207234&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670468207233.1540230663&it=1670468206773&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2933385093392789&ev=PageView&dl=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&rl=&if=false&ts=1670468207234&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670468207233.1540230663&it=1670468206773&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 02:56:47 GMT
X-Firefox-Spdy: h2
vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
143.204.55.20200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
IP 143.204.55.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2368), with no line terminators
Hash e0652b84b7b3b650769c759fc520c3f8
0b55d6e28613350c7f41b88f19e726e6751ad03b
94b4c240f83065223dcacdd3f8b69cb229d0616edc3e2041eef3e270d859fc3d
GET /box-5e66f98b4ee957db209dc6f63e3d59dd.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1035
date: Wed, 23 Nov 2022 13:10:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Wed, 23 Nov 2022 13:09:18 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7M-HO-KLzlsbzvtDaToBCWAGLx6uM8PpDc3Hjr99tjoXa-2jfBJ7LQ==
age: 1259201
X-Firefox-Spdy: h2
bat.bing.com/p/action/56323860.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/56323860.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/56323860.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=04AD73DB5E966B113FFE61AF5FC16ACD; domain=.bing.com; expires=Tue, 02-Jan-2024 02:56:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0918F98BDB4B41D696834499CA7BF644 Ref B: OSL30EDGE0309 Ref C: 2022-12-08T02:56:47Z
date: Thu, 08 Dec 2022 02:56:47 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&gjid=1233688001&_gid=1083919268.1670468207&_u=YGBACEAABAAAACABI~&z=1488927870
173.194.222.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&gjid=1233688001&_gid=1083919268.1670468207&_u=YGBACEAABAAAACABI~&z=1488927870
IP 173.194.222.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&gjid=1233688001&_gid=1083919268.1670468207&_u=YGBACEAABAAAACABI~&z=1488927870 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://m.healthyhairremedy.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Dec 2022 02:56:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 02:51:04 GMT
expires: Thu, 08 Dec 2022 03:06:04 GMT
cache-control: public, max-age=900
age: 344
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash f9b53af7334f7b8007c7f9fa01509e72
a657e6d9aae73ec69e35b8a91f8519ee89ec8c68
edbe2840f6fb666f01a071939662ef84b2d65c6ed85f62f65736830e51a5d687
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 08 Dec 2022 02:56:48 GMT
Etag: "6390b060-1d7"
Last-Modified: Thu, 08 Dec 2022 01:14:02 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nwhVC-Mbc8uxcEPfnnS89MAuWOS2AlYU6z_umHWrGsaI3PtK3qyUVQ==
Age: 6166
googleads.g.doubleclick.net/pagead/id
142.250.74.130302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Thu, 08 Dec 2022 02:56:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 42bdfac4b74435a3d8add640fc703403
e1a183562d91f7cec147112026b6d9d904533ed1
4366d9c119721babbd7188548e8885917a1c011f1cf828dceef088140e8fe8c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 08 Dec 2022 02:56:48 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 6cd26949e6da75756607a76ea0f1c9ca
148ea7fa2a20bf8cf06154825087508fed2fd150
b2248846f8c0359125e49517e522e101c8310efbc1221abeb49cf63901f2a9de
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 08 Dec 2022 02:56:48 GMT
server: ESF
cache-control: private
content-length: 31159
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/js/th/YkfklCtf3s5-_1quWHAnTHHVaBZ-i7ToAeXFpu3i2Ro.js
216.58.207.228200 OK 14 kB URL HTTP/2 www.google.com/js/th/YkfklCtf3s5-_1quWHAnTHHVaBZ-i7ToAeXFpu3i2Ro.js
IP 216.58.207.228:0
File type ASCII text, with very long lines (36162)
Hash e9bf756aa2fac02f3307febffa242635
d0da1ab271c03a49fe6499a38e6f3c34d396c5d4
12655f58f30c13fae1942aae99ace0d8e450ead33ec120b89d78fd98a279e0bb
GET /js/th/YkfklCtf3s5-_1quWHAnTHHVaBZ-i7ToAeXFpu3i2Ro.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14349
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:26:54 GMT
expires: Thu, 07 Dec 2023 19:26:54 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 03 Nov 2022 10:00:00 GMT
content-type: text/javascript
age: 26994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9e83e23c9303fc167d2b23bceba4f304
cc712e67770a00bcc9901a6881f5b1cd343cf054
16378fd60ce4fb8ead3bbc313e6ae0166f68d532d40c586f8c71cb6cd1a91f50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu-vcx524WirtTVGLiqUQeB_Egv4bbdKjey8m3X1=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 1.9 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu-vcx524WirtTVGLiqUQeB_Egv4bbdKjey8m3X1=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 6e17d5a956e8d6fb8f2828639a152691
ca4c4c3a4bcbc10d29b213bd5302dbc0d4ad3a90
d5c741dfb91d5bf68f60d95e096b5c169eb9bed03007cb4e7fbc0cf2714b9085
GET /ytc/AMLnZu-vcx524WirtTVGLiqUQeB_Egv4bbdKjey8m3X1=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1925
x-xss-protection: 0
date: Thu, 08 Dec 2022 00:31:35 GMT
expires: Wed, 02 Nov 2022 16:45:19 GMT
cache-control: public, max-age=86400, no-transform
age: 8713
etag: "v10"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9e83e23c9303fc167d2b23bceba4f304
cc712e67770a00bcc9901a6881f5b1cd343cf054
16378fd60ce4fb8ead3bbc313e6ae0166f68d532d40c586f8c71cb6cd1a91f50
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&_u=YGBACEAABAAAACABI~&z=480209492
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&_u=YGBACEAABAAAACABI~&z=480209492
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-156185630-1&cid=484412214.1670468207&jid=1091345950&_u=YGBACEAABAAAACABI~&z=480209492 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 02:56:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 08 Dec 2022 02:56:48 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4fac5bd9037449aac08300fc1e486bf2
743fb754d9d5b96d11fa580a2fed67c2844ff2c0
668a45e01e94478cc1fb5f6590388feb52b097b35be005878e8016db2d9e07f8
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 892
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 08 Dec 2022 02:56:48 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 7d804c1e7c1345f1b5f4d62f7b860e2f
2fa50124c57a0d57282dd5c119a5aa8779a9882c
6243c5248752abc82c023cb2b2b46f085bbd6ec8bb3cb8a878a34aff7c6baaae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 7d804c1e7c1345f1b5f4d62f7b860e2f
2fa50124c57a0d57282dd5c119a5aa8779a9882c
6243c5248752abc82c023cb2b2b46f085bbd6ec8bb3cb8a878a34aff7c6baaae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgMeniN4dR4xrue_ffs8FOHkmtc5gZv5iHmpIgb62nktMCIE8ZoY5BkrBa-Ij8Io65AG7S9FPxmAXwFGLZQOrsPf7L&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-126128&rn=1&rbuf=0
91.90.45.173200 OK 1.1 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgMeniN4dR4xrue_ffs8FOHkmtc5gZv5iHmpIgb62nktMCIE8ZoY5BkrBa-Ij8Io65AG7S9FPxmAXwFGLZQOrsPf7L&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-126128&rn=1&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1112), with no line terminators
Hash 966e86d74fdde5af9c8584de1bf00123
489bd2838523a2cc1f2b2992832140808027b932
11fbfafee17d1eb528e9e52ff3dece849750a1357684cf38060198aa40062b3b
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgMeniN4dR4xrue_ffs8FOHkmtc5gZv5iHmpIgb62nktMCIE8ZoY5BkrBa-Ij8Io65AG7S9FPxmAXwFGLZQOrsPf7L&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-126128&rn=1&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Thu, 08 Dec 2022 02:56:48 GMT
Expires: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1112
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhAN4wgpigIgPs1KJ-R-SwZvAiR3-VuwWYE7PTbL9Zmsf5AiEAqNSyjUPCAZ7PJEgEsf4DlaP3U_kL1Uu4HmF2yuyPnow%3D&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-71874&rn=2&rbuf=0
91.90.45.173200 OK 1.0 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhAN4wgpigIgPs1KJ-R-SwZvAiR3-VuwWYE7PTbL9Zmsf5AiEAqNSyjUPCAZ7PJEgEsf4DlaP3U_kL1Uu4HmF2yuyPnow%3D&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-71874&rn=2&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1030), with no line terminators
Hash eb106e5a34711df64093085ad78b74f9
ea992d5fff364afc9bdb38848e58d38d62b32e41
cac37667c1963637127a70030160b1abad18e0ad2cc0beea13f5f8f62e279b77
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&mh=mL&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1568750&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&mt=1670467757&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhAN4wgpigIgPs1KJ-R-SwZvAiR3-VuwWYE7PTbL9Zmsf5AiEAqNSyjUPCAZ7PJEgEsf4DlaP3U_kL1Uu4HmF2yuyPnow%3D&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&range=0-71874&rn=2&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Thu, 08 Dec 2022 02:56:48 GMT
Expires: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1030
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 7d804c1e7c1345f1b5f4d62f7b860e2f
2fa50124c57a0d57282dd5c119a5aa8779a9882c
6243c5248752abc82c023cb2b2b46f085bbd6ec8bb3cb8a878a34aff7c6baaae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 2e85bb840dddc518b096b076dc7c7a0c
0df63cdf100b337c786baaa44bd096dd3d89cb94
b12fd81d3812a25c20634c1ea91e3f343f5030a561a4cb30e6348f9565e0b0f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 2e85bb840dddc518b096b076dc7c7a0c
0df63cdf100b337c786baaa44bd096dd3d89cb94
b12fd81d3812a25c20634c1ea91e3f343f5030a561a4cb30e6348f9565e0b0f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr3---sn-5go7ynl6.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhALiUsRYgFb2F1AIBA-rZD3TfxLg-9oe6TZYocX-eLZvkAiA89IWB7hG0Vxg8u1IH0EpWCludMg1V4rlFVhJi9JJJ9Q%3D%3D&range=0-126128&rn=3&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
74.125.111.40200 OK 126 kB URL HTTP/1.1 rr3---sn-5go7ynl6.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhALiUsRYgFb2F1AIBA-rZD3TfxLg-9oe6TZYocX-eLZvkAiA89IWB7hG0Vxg8u1IH0EpWCludMg1V4rlFVhJi9JJJ9Q%3D%3D&range=0-126128&rn=3&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
IP 74.125.111.40:0
File type WebM\012- EBML file, creator webmB\20\012- data
Size 126 kB (126129 bytes)
Hash b5485f37aaf64b507d2e81c57e36790a
725376a59b6248b8c26cf014950b26f57058d737
daaee9ac09737f8325501a0a1a22768fb43f2eb7ea6822a2bc5a64326de17aff
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=70684169&dur=3420.000&lmt=1661262192672153&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMWxzhB0rrNk-xw6OHEkMt59gFDzGQjvKzSkmlXPt3evAiEA3czEdAguXFl6gwFdbZlF94KjupYPpMcSflO5fzEl2a0%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhALiUsRYgFb2F1AIBA-rZD3TfxLg-9oe6TZYocX-eLZvkAiA89IWB7hG0Vxg8u1IH0EpWCludMg1V4rlFVhJi9JJJ9Q%3D%3D&range=0-126128&rn=3&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q= HTTP/1.1
Host: rr3---sn-5go7ynl6.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Aug 2022 13:43:12 GMT
Content-Type: video/webm
Date: Thu, 08 Dec 2022 02:56:48 GMT
Expires: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 126129
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr3---sn-5go7ynl6.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK24P1fzwPPT8EcnTiWmMSBjD-2VXGpD2NNNsfFGgGMvAiEA0YGpWHTklxXBHhJeQXtOFlAZoFDa0LBoYhAdB0wjLQo%3D&range=0-71874&rn=4&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
74.125.111.40200 OK 72 kB URL HTTP/1.1 rr3---sn-5go7ynl6.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK24P1fzwPPT8EcnTiWmMSBjD-2VXGpD2NNNsfFGgGMvAiEA0YGpWHTklxXBHhJeQXtOFlAZoFDa0LBoYhAdB0wjLQo%3D&range=0-71874&rn=4&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
IP 74.125.111.40:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 0fc3a42b95d7929e991f9ba4d981fba8
53f554169472e380b37a61e4c8c9a9461bbb85c3
5464edb8bb89e93f040e4b740fdaddc2105cf4d7dbab7ed756a763387b72b841
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=251&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=audio%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=59011881&dur=3420.021&lmt=1661262226909981&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5318224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAMAqzuK2qwD0zjQ3PT3UDg7GsOxAJ0A2jjUKSq2k15xKAiEAgoHfoKXwqYSBwGDh_3gPKV8kp3ihvYk-r6WndEjqwNo%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=mL&mm=29&mn=sn-5go7ynl6&ms=rdu&mt=1670467998&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAK24P1fzwPPT8EcnTiWmMSBjD-2VXGpD2NNNsfFGgGMvAiEA0YGpWHTklxXBHhJeQXtOFlAZoFDa0LBoYhAdB0wjLQo%3D&range=0-71874&rn=4&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q= HTTP/1.1
Host: rr3---sn-5go7ynl6.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Aug 2022 13:43:46 GMT
Content-Type: audio/webm
Date: Thu, 08 Dec 2022 02:56:48 GMT
Expires: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 71875
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 2e85bb840dddc518b096b076dc7c7a0c
0df63cdf100b337c786baaa44bd096dd3d89cb94
b12fd81d3812a25c20634c1ea91e3f343f5030a561a4cb30e6348f9565e0b0f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 02:56:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-5hnekn7k.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=0-11717&rn=9&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
209.85.226.71200 OK 12 kB URL HTTP/1.1 rr2---sn-5hnekn7k.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=0-11717&rn=9&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
IP 209.85.226.71:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash c4812c811decb3a79eb668e5cc0e4fa3
12e72162f55c8c70a4079c5c1e5ebbd85adaecfa
9afb2df89276913f980dba3071cac8ab185571ee4a8bc0b271129aad3b41fbb6
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=0-11717&rn=9&rbuf=0&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q= HTTP/1.1
Host: rr2---sn-5hnekn7k.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Aug 2022 13:48:07 GMT
Content-Type: video/webm
Date: Thu, 08 Dec 2022 02:56:49 GMT
Expires: Thu, 08 Dec 2022 02:56:49 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 11718
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-5hnekn7k.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=725361-2670632&rn=13&rbuf=10634&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
209.85.226.71200 OK 1.9 MB URL HTTP/1.1 rr2---sn-5hnekn7k.googlevideo.com/videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=725361-2670632&rn=13&rbuf=10634&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q=
IP 209.85.226.71:0
Size 1.9 MB (1945272 bytes)
Hash c9e180f8babf98f05447aeb901f3c478
b674401a4944c58cbbedacedf496210524052f8c
28d26b689378809351385e5475798c434fdedd3bdca2a19c7fb0c42414a0f061
POST /videoplayback?expire=1670489808&ei=cFKRY47NCpr5yQXVmJmwDw&ip=91.90.42.154&id=o-AKzem_p6C8do8APSxCQei8Q3BW2O7D-_6e3RsIWsLq4k&itag=247&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=SFxXNuBQDUnvvcyyWff9lwsNDGrhwG4&vprv=1&mime=video%2Fwebm&ns=C4UFwWz6OdtxJtwNqcBBI8QJ&gir=yes&clen=190140871&dur=3420.000&lmt=1661262487759546&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=5319224&n=ebPbnc_LwikqGQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAN_zz_Nu7Nx0lioTMu5NumQegAPYlI4ufrz7E_5eezkpAiEA6dzUJwmiA1pm2hheUVibGXY9gUrsqISW7MpymfAloKY%3D&cpn=hfhGI0ZloAsW2gVK&cver=1.20221204.00.00&cm2rm=sn-capm-vnae7l,sn-5golr7s&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=mL&mm=34&mn=sn-5hnekn7k&ms=ltu&mt=1670467969&mv=m&mvi=2&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgWLqLM8axy_JpoEdCVWaQoPCTFykRuuTpU8M_H1nDZN4CIQDQGv9xB-PHdPCPwpbb5cUWYE8iAP27jFpyu0n3hPmncg%3D%3D&range=725361-2670632&rn=13&rbuf=10634&pot=D3C8ag3tUvdccIc5BL1sR_5_Md0r62lZ7z93JHj3AlNiYom_fYu7vZyurnvY-WhWrJXWd4i-rSQXy_LkB5cFLJkoPJaCtlmO43yTwzKbSM6j1ivrolgqu_hpgv_nyTma7B1YrG3-H_Q= HTTP/1.1
Host: rr2---sn-5hnekn7k.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Aug 2022 13:48:07 GMT
Content-Type: video/webm
Date: Thu, 08 Dec 2022 02:56:49 GMT
Expires: Thu, 08 Dec 2022 02:56:49 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1945272
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
trc-events.taboola.com/1270828/log/3/unip?en=pre_d_eng_tb&tos=2041&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1670468208781&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1270828/log/3/unip?en=pre_d_eng_tb&tos=2041&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1670468208781&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1270828/log/3/unip?en=pre_d_eng_tb&tos=2041&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1670468208781&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 02:56:49 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://m.healthyhairremedy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
trc-events.taboola.com/1270828/log/3/unip?en=pre_d_eng_tb&tos=5043&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1670468211784&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1270828/log/3/unip?en=pre_d_eng_tb&tos=5043&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1670468211784&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1270828/log/3/unip?en=pre_d_eng_tb&tos=5043&scd=55&ssd=1&est=1670468206739&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1670468211784&vi=1670468206735&ri=92f9cc9cae1634a83e6709eedde131b9&ref=null&cv=20221206-9-RELEASE&item-url=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 08 Dec 2022 02:56:52 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://m.healthyhairremedy.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc3cc57336eca8e3d0e307bbd970b90e
cd3fffde0e1ab3cdd48b1fd969dbc7cb77daaf6e
9aae742b419b8b6d2371c3e2082d15a8974f530230367e82b6aa7961e41919c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8011441-85ad-4414-9c3d-7ae1b86acd3f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6926
x-amzn-requestid: ef7f28d4-3d5e-40ad-89f8-77817630530e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctERRH3ToAMFylg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb407-42738f8437edfc5440ae59e7;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:16:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c_-xjk5YlgjsKQG_Jd-YL3G4bGYCBiOZvg-1IP-0sxbNgtI9ZgHpcg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 03:37:11 GMT
age: 83982
etag: "cd3fffde0e1ab3cdd48b1fd969dbc7cb77daaf6e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/1423778/visit-data?sv=6
63.35.111.165200 OK 0 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/1423778/visit-data?sv=6
IP 63.35.111.165:0
POST /api/v2/client/sites/1423778/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 112
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:48 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/css/tailwind_uikit3.min.css
143.204.42.114200 OK 0 B URL HTTP/2 d39ldsmboekjvi.cloudfront.net/css/tailwind_uikit3.min.css
IP 143.204.42.114:0
GET /css/tailwind_uikit3.min.css HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 21 Apr 2020 16:13:28 GMT
x-amz-version-id: KeDkbqQzvYXdEa66hJuFRoU4QbMmHZ6P
server: AmazonS3
content-encoding: gzip
date: Thu, 08 Dec 2022 02:56:46 GMT
etag: W/"faa719f72d0e066c91662959cd3373dd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -yfJfo5NSH1IAAGdJFpdrVWfa_qtllCa7Gy2fUMSt4XEge599WhwCQ==
age: 6391
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/images/icon_shipping.svg
143.204.42.114200 OK 0 B URL HTTP/2 d39ldsmboekjvi.cloudfront.net/images/icon_shipping.svg
IP 143.204.42.114:0
GET /images/icon_shipping.svg HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 19 Mar 2020 18:29:29 GMT
x-amz-version-id: X2Q2e70sp3gR3zTR8tiFG1ISgO.1VAGK
server: AmazonS3
content-encoding: gzip
date: Wed, 07 Dec 2022 09:05:00 GMT
etag: W/"15375e040410dcaf82328249fd5de261"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PQtn0VNZjhQvN_FuLhkKX7z91DE380YHr3NAVC5jk7lRhIyD-RuIPQ==
age: 64308
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-1423778.js?sv=6
143.204.55.54200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-1423778.js?sv=6
IP 143.204.55.54:0
GET /c/hotjar-1423778.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 02:56:47 GMT
cache-control: max-age=60
etag: W/932ff27499e177ce9e23e00b4ddc0a53
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KbxEt0EWuhVqa_oH7X8Ez9_lySMH5wNXKOElq7KBPOu-WGd5NvOPPA==
X-Firefox-Spdy: h2
m.healthyhairremedy.com/?tid=1022de546b275ba18331241f2da3d6
172.67.165.138302 Found 0 B URL HTTP/2 m.healthyhairremedy.com/?tid=1022de546b275ba18331241f2da3d6
IP 172.67.165.138:0
Analyzer Verdict Alert fortinet Phishing
GET /?tid=1022de546b275ba18331241f2da3d6 HTTP/1.1
Host: m.healthyhairremedy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 08 Dec 2022 02:56:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: tid=1022de546b275ba18331241f2da3d6; path=/; secure
PHPSESSID=087779d46391818cf4a14c0911ee24c8; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
location: /v2/?tid=1022de546b275ba18331241f2da3d6
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BAOWIlhz%2F9eaJv8tb1shaAUcaBKTzgc%2Fhw7Pz5llLG2R4PcErbM%2BVRIqczgc2mf3pRuNil8J%2BUvlVD1Nz5dv9HdHPf4gj94%2FTg9xyqOIguld2JRQ72OC%2Fj0d1peYrwb3kYP3f8B93x7tBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77623acdcff10b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zenithlabs.xyz/_testimonials/js/script.js
172.67.214.64200 OK 0 B URL HTTP/2 zenithlabs.xyz/_testimonials/js/script.js
IP 172.67.214.64:0
GET /_testimonials/js/script.js HTTP/1.1
Host: zenithlabs.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:46 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Thu, 15 Dec 2022 02:56:46 GMT
last-modified: Mon, 27 Sep 2021 19:23:32 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=keeZ7hurNau%2B8hNgPx%2F7gF2mSCNcyONqH9HSSPTjAPrxvD3bCaRMV5PgEShpRDFZbB1JE1UJQsDDI1iT9E9F4jGdzHgxNg1%2FbQ7Rp7LZ7GeEHd5oIpjjXlMttyX5gH%2BW8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77623ad3281a0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/j.php?a=231917&u=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&f=1&r=0.3979731444091382
34.96.102.137200 OK 0 B URL HTTP/2 dev.visualwebsiteoptimizer.com/j.php?a=231917&u=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&f=1&r=0.3979731444091382
IP 34.96.102.137:0
GET /j.php?a=231917&u=https%3A%2F%2Fm.healthyhairremedy.com%2Fv2%2F%3Ftid%3D1022de546b275ba18331241f2da3d6&f=1&r=0.3979731444091382 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0, no-cache, must-revalidate
etag: W/"1670418812"
server: gams1
timing-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
d39ldsmboekjvi.cloudfront.net/css/global.css
143.204.42.114200 OK 0 B URL HTTP/2 d39ldsmboekjvi.cloudfront.net/css/global.css
IP 143.204.42.114:0
GET /css/global.css HTTP/1.1
Host: d39ldsmboekjvi.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.healthyhairremedy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 21 Nov 2022 23:03:28 GMT
x-amz-version-id: Ryn86_7zx09YjFdUirirwN1FP1FYxPzK
server: AmazonS3
content-encoding: gzip
date: Wed, 07 Dec 2022 06:54:12 GMT
etag: W/"21d28e3976a3784f5ac7900b22857747"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: psmTgGg5qNK4TDmYoriq8AGx33Q4Cl0iG684UbRcjSOoqiEwRrr8iA==
age: 72155
X-Firefox-Spdy: h2
zenithlabs.xyz/_testimonials/view/?site_id=12
172.67.214.64200 OK 0 B URL HTTP/2 zenithlabs.xyz/_testimonials/view/?site_id=12
IP 172.67.214.64:0
GET /_testimonials/view/?site_id=12 HTTP/1.1
Host: zenithlabs.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.healthyhairremedy.com/
Origin: https://m.healthyhairremedy.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 02:56:47 GMT
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-max-age: 3600
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J7d5xRSHVELEbU6JAxjMTh4RJ7DE5HtRGWwvd5Tt3uUlWiR%2FBnLTJBC4BCKOlOi1UZF9HS%2F%2BH6Bk0NVFj9aC1WS2t32aA4n3%2FLjOhZFQLiob5F82%2FwPDQLiTBvUpfKPamA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77623ad55e8fb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2