click.diet-health-food.com/?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg==
170.187.185.18301 Moved Permanently 356 B URL HTTP/1.1 click.diet-health-food.com/?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg==
IP 170.187.185.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b2d56fca8a9eddeae1b093d377e80af8
48e17c7628f17d1351cc7328c6bd0a54bfd08606
51dde8b82e5352bb4f9106e9c17822eb18b4ab8c56a2c1228dbc20357cb023b5
GET /?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg== HTTP/1.1
Host: click.diet-health-food.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 07:02:38 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 356
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: upgrade-insecure-requests
Location: https://click.diet-health-food.com/?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg==
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21269
Expires: Wed, 25 Jan 2023 12:57:07 GMT
Date: Wed, 25 Jan 2023 07:02:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 04512fea22644dc0d22c3f3a665f6645
0e213646abfc6d9560ba562362fd9e9115be8354
124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4425
Expires: Wed, 25 Jan 2023 08:16:23 GMT
Date: Wed, 25 Jan 2023 07:02:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17306
Expires: Wed, 25 Jan 2023 11:51:04 GMT
Date: Wed, 25 Jan 2023 07:02:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 06:35:11 GMT
content-type: application/json
age: 1647
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WfF56uTxeK77qU25psZVZTf6nK6AtDNKHGgufFQdn0qiZqGLoqEfryinzgsqNpAdoYwvYuN+4AY=
x-amz-request-id: YB64E92W96G5F80F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 06:19:34 GMT
age: 2584
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 07:02:38 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b089233a9ee5cc401346517d75bf331b
e45be30a2b7107b9bf54a0f6c572fb22df806d18
8d8f23a9c9374ea374953ba15de935db677ef6122afb9d42641b3b61ce345636
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8D8F23A9C9374EA374953BA15DE935DB677EF6122AFB9D42641B3B61CE345636"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 25 Jan 2023 13:02:38 GMT
Date: Wed, 25 Jan 2023 07:02:38 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 06:41:40 GMT
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
age: 1259
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3834
Expires: Wed, 25 Jan 2023 08:06:33 GMT
Date: Wed, 25 Jan 2023 07:02:39 GMT
Connection: keep-alive
push.services.mozilla.com/
54.213.151.148101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.213.151.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: opS5Y4QXwGf7kUt3mIQ0jQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: f+Dn3BRrmjgbIYRSD3prwUNhw/0=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 78ed7b7d814d987601b30851546309b5
12a653dabfd738fef99fad2295eec55e4651bc7c
a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5GP5762
142.250.74.168200 OK 48 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5GP5762
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash c45e2038eba00ea360f0a1a0eb8a42fc
2786e599aac2019be46af28ff836cadc3d5c7ffd
09a7a8fc800a645f17d91e437396d1febf605567748eba4fb6c66936066c8c17
GET /gtm.js?id=GTM-5GP5762 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 25 Jan 2023 07:02:39 GMT
expires: Wed, 25 Jan 2023 07:02:39 GMT
cache-control: private, max-age=900
last-modified: Wed, 25 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48010
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 78ed7b7d814d987601b30851546309b5
12a653dabfd738fef99fad2295eec55e4651bc7c
a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleoptimize.com/optimize.js?id=OPT-P7QHBH2
142.250.74.174200 OK 44 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-P7QHBH2
IP 142.250.74.174:0
File type ASCII text, with very long lines (1759)
Hash 2330c8f396f26b89be8bf3a3b5ee6726
eca6baf1d99e33e2e0e4eac902ab2c974931459a
e0ec8245269d5058941288a7d76cc60bbc702bf9f5de9862758fc5d933aec6d2
GET /optimize.js?id=OPT-P7QHBH2 HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 25 Jan 2023 07:02:39 GMT
expires: Wed, 25 Jan 2023 07:02:39 GMT
cache-control: private, max-age=900
last-modified: Wed, 25 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44314
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 47d71bf163265666c21e2410fb568043
54a4b0f241af261f878967ce058f5885be476cc4
8b7ce4c8269941cf55ca12415b1abfd7d4ae7bf5823657f3afe5e8dd34bed80b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/oembed?url=http://www.youtube.com/watch?v=n_ztCR7TT6s&format=json
142.250.74.46200 OK 25 kB URL HTTP/2 www.youtube.com/oembed?url=http://www.youtube.com/watch?v=n_ztCR7TT6s&format=json
IP 142.250.74.46:0
Hash 25850ff548d6ca61e98a8002c5b3fe24
76582e04ad6a090ab609edc8735692b14b12bb63
f42e697631fceeb18e8f37a87875dbcf100bc623399a9852c3557d5a17650319
GET /oembed?url=http://www.youtube.com/watch?v=n_ztCR7TT6s&format=json HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therestolin.com
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 25 Jan 2023 07:02:40 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 406
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://therestolin.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 47d71bf163265666c21e2410fb568043
54a4b0f241af261f878967ce058f5885be476cc4
8b7ce4c8269941cf55ca12415b1abfd7d4ae7bf5823657f3afe5e8dd34bed80b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-165628114-6&cid=594553705.1674630158&jid=1645431751&gjid=1538066719&_gid=86665955.1674630159&_u=YADAAEAAQAAAACAAI~&z=1591667129
209.85.233.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-165628114-6&cid=594553705.1674630158&jid=1645431751&gjid=1538066719&_gid=86665955.1674630159&_u=YADAAEAAQAAAACAAI~&z=1591667129
IP 209.85.233.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-165628114-6&cid=594553705.1674630158&jid=1645431751&gjid=1538066719&_gid=86665955.1674630159&_u=YADAAEAAQAAAACAAI~&z=1591667129 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://therestolin.com
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://therestolin.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 25 Jan 2023 07:02:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9KZM1E116M>m=2oe1n0&_p=1697292394&cid=594553705.1674630158&ul=en-us&sr=1280x1024&_s=1&sid=1674630158&sct=1&seg=0&dl=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin&dr=https%3A%2F%2Femdlvr.com%2F&dt=Restolin%20-%20Video%20Presentation&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9KZM1E116M>m=2oe1n0&_p=1697292394&cid=594553705.1674630158&ul=en-us&sr=1280x1024&_s=1&sid=1674630158&sct=1&seg=0&dl=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin&dr=https%3A%2F%2Femdlvr.com%2F&dt=Restolin%20-%20Video%20Presentation&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9KZM1E116M>m=2oe1n0&_p=1697292394&cid=594553705.1674630158&ul=en-us&sr=1280x1024&_s=1&sid=1674630158&sct=1&seg=0&dl=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin&dr=https%3A%2F%2Femdlvr.com%2F&dt=Restolin%20-%20Video%20Presentation&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therestolin.com
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://therestolin.com
date: Wed, 25 Jan 2023 07:02:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-194057059-2&cid=594553705.1674630158&jid=116222825&gjid=971302872&_gid=86665955.1674630159&_u=aADAAEABQAAAACAAI~&z=274213680
209.85.233.154200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-194057059-2&cid=594553705.1674630158&jid=116222825&gjid=971302872&_gid=86665955.1674630159&_u=aADAAEABQAAAACAAI~&z=274213680
IP 209.85.233.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-194057059-2&cid=594553705.1674630158&jid=116222825&gjid=971302872&_gid=86665955.1674630159&_u=aADAAEABQAAAACAAI~&z=274213680 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://therestolin.com
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://therestolin.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 25 Jan 2023 07:02:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11129
Expires: Wed, 25 Jan 2023 10:08:09 GMT
Date: Wed, 25 Jan 2023 07:02:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11129
Expires: Wed, 25 Jan 2023 10:08:09 GMT
Date: Wed, 25 Jan 2023 07:02:40 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11129
Expires: Wed, 25 Jan 2023 10:08:09 GMT
Date: Wed, 25 Jan 2023 07:02:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2130ca0-4287-4def-9d97-00fdb518ced4.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2130ca0-4287-4def-9d97-00fdb518ced4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6254fc1aaa5fbb1d87114b5b28d52c40
8d7bd3af0b9bfc3d3eb2751cb1ba211169eaefe8
866e0b364026754b2a88d73da5ccabf5b5df59fb75bc60b3aa5c66e8322ee764
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2130ca0-4287-4def-9d97-00fdb518ced4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7691
x-amzn-requestid: ee5858ec-ae6b-4a83-81f0-84903bea9786
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLP5HGwRIAMF2Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdf9d3-1b9f899e1d9e9ba67adbeeac;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:06:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 59rOv8-DhAIGQx240tISV3X6FskvU33S-4LVzv8fP45qQilEpp2VwQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 05:10:17 GMT
age: 6743
etag: "8d7bd3af0b9bfc3d3eb2751cb1ba211169eaefe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6fa8338e574e2b8272ad3ca7cd9d1d63
298cafecdcac99de25fe5c2c4c993487f73ced6b
f75c20ebc4c0db2df40d958337cd87768714bdf53a48609ad0f97b7129b0b100
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6715
x-amzn-requestid: c808c9d9-bbbb-43ff-ab15-33074a760093
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4BO5En_oAMFTzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c648c5-67151eb46f5a10b0732fbd09;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:05:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0pvebF903zoRPgzBK2gxMlcYQTurylOzzCfOO07hYCG5aD7wX_fl9g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 09:51:11 GMT
age: 76289
etag: "298cafecdcac99de25fe5c2c4c993487f73ced6b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11129
Expires: Wed, 25 Jan 2023 10:08:09 GMT
Date: Wed, 25 Jan 2023 07:02:40 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13891ffe8a0cc240be63b7945e4b7688
958b50e9e7e5e02882d55612a5d6d2402e225390
1570d69731ba13051454a048ac85bde7c1de8e39dea0fd78e7e5c3f2be122cb6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9650
x-amzn-requestid: 3b968ee5-c941-4305-9f06-01e646deef15
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH88wEUmoAMFerw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca851-061f65177f36420a4685f372;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xfiiS5M5j8iYKMyopaVqwYV6KKB1VIWT_yQbEKZ9G1wuq2QUEyDBpA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 03:10:29 GMT
age: 13931
etag: "958b50e9e7e5e02882d55612a5d6d2402e225390"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd57136f3-3a32-4cb9-be6a-29e47e59a6f9.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd57136f3-3a32-4cb9-be6a-29e47e59a6f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24a73392615d623dc852bdab43c9f133
3a5ac9f9831aa4c735d335e7d24e9ccc5e1ee0d4
edc11bdc8b40a513dc62b32f7eff0ba1f80db27208bd80bd16235da3c369157b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd57136f3-3a32-4cb9-be6a-29e47e59a6f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5732
x-amzn-requestid: d59f1165-e5c8-4a43-a7be-32f0d9ef2ff1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFK9EFNjIAMF5hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8b86-1f8d46827f84aa3119e4195c;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 06:51:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x0-Cy2E3bQp52z6h4jB6wQ4xAEM5vuuVBPc4A6ZNfv_zbgBsbWDbtA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 15:21:30 GMT
age: 56470
etag: "3a5ac9f9831aa4c735d335e7d24e9ccc5e1ee0d4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03ba93e6c29fb268712e33228fa5ee38
2528a659d067ce39b31d5d8a0a9943e313a4caa6
2a3dfcbafd31bfc0cc653f9f43cfa98206334551b8ab76e9ab6d20338c8d6e1c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9864
x-amzn-requestid: dd368937-de20-4e2a-82e3-e82bc20a806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4AtgGu3oAMFaoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c647ef-7efe789a5411c14a74ec327a;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:02:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8MAwoNj7febyP2pH8bDcDTVBP3RLzRKpSqkG_A4L0G9i_-s64YVuJw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 14:55:46 GMT
age: 58014
etag: "2528a659d067ce39b31d5d8a0a9943e313a4caa6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: df7df0ae-d70e-4b80-9483-2ecd5c8ee4a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqvPEXMoAMF5Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57fa-04193e0514c1c1e85d9d023b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fznabMNG3n9Uo4L1jrrewtL_hJnQv8oR2qggeZtruvOLVzpUpcs7Tw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 03:59:34 GMT
age: 10986
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vdlvry.com/statics/statics.js
188.114.96.1200 OK 123 kB URL HTTP/2 vdlvry.com/statics/statics.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (6377)
Size 123 kB (123371 bytes)
Hash 38174564da975325bb59fa777b9e4142
6a0effd7a63d8c5b7f00f9f8af0f3014a01e7ba8
adac4bc9e364c195759af50373190e4babb73a13da106ecaabf94d7c6cb00996
GET /statics/statics.js HTTP/1.1
Host: vdlvry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:39 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=42271
etag: W/"c37445f495a5a241209082d3c834d24b"
last-modified: Fri, 20 Jan 2023 14:14:37 GMT
x-amz-id-2: 3qhgFqT1Qpvowrz6icVrQZIDk+zWuf2aaGo8aHGW1bMFcMNeNhlynw1cwG/d+BV+twwdZttLjxE=
x-amz-request-id: KCKWMC4M4866GP7E
cache-control: max-age=14400
cf-cache-status: HIT
age: 406053
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9iQZikfgFyi86sN%2ByrLMVEsgECgF3g4N8PsU%2BOQnJHZi5LN8e0u3JvFhRNKmp7H3DkZeaxolLko2TdB%2BFqBmtNn83nF6z6M%2FtmNBIm3Az6p9Ld3YcB9x0ICcDmIL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ef250289acb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
click.diet-health-food.com/?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg==
170.187.185.18200 OK 611 kB URL HTTP/2 click.diet-health-food.com/?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg==
IP 170.187.185.18:0
Size 611 kB (611332 bytes)
Hash aff05154f03297a273aa5f6cad4d6350
742c628abf6f84b4fde98c684cb377be90db9792
b9572e60bc5a54967ec99488a4a25a5e04ae8c4266dc2a5a6ad235a5523dba0f
GET /?t=c&ids=NTU3MjMwNzIw__MTQ4MTc=__NDUzMDA3NDM=__NjYz__828&url=aHR0cHMlM0ElMkYlMkZlbWRsdnIuY29tJTJGb2oyeg== HTTP/1.1
Host: click.diet-health-food.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 07:02:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 21:48:03 GMT
expires: Fri, 19 Jan 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 465278
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 16:40:43 GMT
expires: Fri, 19 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 483718
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e42c4bc3eb1dde3e47013119de155096
ee735e961b5844018da0625bfd2476ab70500926
689f2b20a0cac8f0b3ad9fcc34ffb152ab8e935a0fb322d8e9fcb21f1a0ae151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.162302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Wed, 25 Jan 2023 07:02:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.doubleclick.net/instream/ad_status.js
142.250.74.102200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.102:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 06:51:35 GMT
expires: Wed, 25 Jan 2023 07:06:35 GMT
cache-control: public, max-age=900
age: 666
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e42c4bc3eb1dde3e47013119de155096
ee735e961b5844018da0625bfd2476ab70500926
689f2b20a0cac8f0b3ad9fcc34ffb152ab8e935a0fb322d8e9fcb21f1a0ae151
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tracking.buygoods.com/track/?a=6681&firstcookie=0&referrer=https%3A%2F%2Femdlvr.com%2F&product=1,2,3&sessid2=&caller_url=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin
172.66.43.22200 OK 38 kB URL HTTP/2 tracking.buygoods.com/track/?a=6681&firstcookie=0&referrer=https%3A%2F%2Femdlvr.com%2F&product=1,2,3&sessid2=&caller_url=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin
IP 172.66.43.22:0
File type ASCII text, with very long lines (572), with CRLF line terminators
Hash ee4567107d417dc8a9a22c152929d23f
a0043dbb1d4451188f0e18bc5bb81588c89b4977
6ea1c780f55aca0ede0cae4389e14b99a6aa571ed6f89d1246acb0178d832282
GET /track/?a=6681&firstcookie=0&referrer=https%3A%2F%2Femdlvr.com%2F&product=1,2,3&sessid2=&caller_url=https%3A%2F%2Ftherestolin.com%2Fvideo.php%3Faff_id%3D5154%26subid%3Dmw1gia0124restolin HTTP/1.1
Host: tracking.buygoods.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:40 GMT
content-type: application/javascript
p3p: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Tue, Jan 12 1999 01:01:01 GMT
set-cookie: spiaffid_6681=5154; expires=Tue, 25-Apr-2023 07:02:40 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spisubid_6681=mw1gia0124restolin; expires=Tue, 25-Apr-2023 07:02:40 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spicampaign_id_6681=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
spireferrer_6681=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
spireferrer_6681=91.90.42.154:emdlvr.com:therestolin.com%2Fvideo; expires=Tue, 25-Apr-2023 07:02:40 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spisessid2_6681=sessid20230125070212495; expires=Tue, 25-Apr-2023 07:02:40 GMT; Max-Age=7776000; path=/; domain=.buygoods.com
spi_funnel_codename_6681=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.buygoods.com
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78ef2504af8db505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 25 Jan 2023 07:02:41 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cc2b9a26cf016c0cf9e73531f6004051
408990c14ea8af4c979a277da755c89771672356
36e955bd017c3febc7623ad388bb260757294ca612b94ae5417de6cc04073a82
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/hMfiIRZZaMzaAz5FYaI1FR-xuNlC9MpkqGZdkT5mV6Q.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/hMfiIRZZaMzaAz5FYaI1FR-xuNlC9MpkqGZdkT5mV6Q.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36392)
Hash 224f0c569b57002328a0d93922ad4f85
49f653f477e53d804034c7daf3f6ff850693ea48
367eb30e42b960d0cf60b3bd0f2dd41b61101f15285358dffeb2309b428533a0
GET /js/th/hMfiIRZZaMzaAz5FYaI1FR-xuNlC9MpkqGZdkT5mV6Q.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14417
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 08:00:10 GMT
expires: Mon, 22 Jan 2024 08:00:10 GMT
cache-control: public, max-age=31536000
age: 255751
last-modified: Tue, 03 Jan 2023 15:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 93af086c11908f25c43c0bd730ca1fd1
75f2cbb9c6d8aeb54145293cafa5404cc3489389
7169b0c49ea8e410f5ec7fb0fd01d0df35251e52057612bfcdff4b88e81b12f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.211.10200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 7b73e1f219fe522448ccde733a776e5e
d0d0be56c05f6080cfc20dbc53df99db23f1ce35
13903b9ab003222b6ff1a41a2d88ee8c296b9aa982f440b740e615b661f3c2e3
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 25 Jan 2023 07:02:41 GMT
server: ESF
cache-control: private
content-length: 31201
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AL5GRJUQaGIFDLqUCTWsUaCtWArd4K6vIjtriB9TIcE39KPdnist9X2H8HGs_qpcsdBK=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 967 B URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJUQaGIFDLqUCTWsUaCtWArd4K6vIjtriB9TIcE39KPdnist9X2H8HGs_qpcsdBK=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash d5669edf5537eeaa798657e7501c6d34
2515f16dd1a62ee0f8801b0336084c9bbbafe4b6
286a81d27bf48d4a5ff7cb36b8d80e2062c2d8c6be67ebb8fc012826dc804c29
GET /ytc/AL5GRJUQaGIFDLqUCTWsUaCtWArd4K6vIjtriB9TIcE39KPdnist9X2H8HGs_qpcsdBK=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 967
x-xss-protection: 0
date: Wed, 25 Jan 2023 06:13:35 GMT
expires: Thu, 26 Jan 2023 06:13:35 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/jpeg
age: 2946
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 93af086c11908f25c43c0bd730ca1fd1
75f2cbb9c6d8aeb54145293cafa5404cc3489389
7169b0c49ea8e410f5ec7fb0fd01d0df35251e52057612bfcdff4b88e81b12f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 25 Jan 2023 07:02:41 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.211.10200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.211.10:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3430a225e98c2ecac0851b031ec300fc
fca0e9ac62034405e3a13a43e4ce5c963dcb2ca1
285758e41aa5bceab629c4faf98793c85aa450a349a7a5bfdac95ef09f98a8fc
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1159
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 25 Jan 2023 07:02:41 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 90a16761cdfd9164f6c03bf9af507b33
ee0545b7aaa0a1b6b080cc23809b7e849982a664
5dd9e75ceeb43db70a47d43e769dc91527e1082eb5a28c127b26fc2253dc0dd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 90a16761cdfd9164f6c03bf9af507b33
ee0545b7aaa0a1b6b080cc23809b7e849982a664
5dd9e75ceeb43db70a47d43e769dc91527e1082eb5a28c127b26fc2253dc0dd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOtu6owYtcH98FpWAN1hgS3vX0S3pYrFgzVkK6OKuiIMAiA4nILloAB4QzivuvKom0ZMe8kt4tMYUL9Pz78ewpmXeQ%3D%3D&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-203842&rn=1&rbuf=0
91.90.45.173200 OK 1.1 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOtu6owYtcH98FpWAN1hgS3vX0S3pYrFgzVkK6OKuiIMAiA4nILloAB4QzivuvKom0ZMe8kt4tMYUL9Pz78ewpmXeQ%3D%3D&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-203842&rn=1&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1104), with no line terminators
Hash 54286862bf1cd252ff642914afb07025
6afc3c781381cb5d6899bcb0a265f4a986131eda
97d59efe5e6b5079fa9e150044016f86a804799fb148b339c8036ea89724649b
POST /videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOtu6owYtcH98FpWAN1hgS3vX0S3pYrFgzVkK6OKuiIMAiA4nILloAB4QzivuvKom0ZMe8kt4tMYUL9Pz78ewpmXeQ%3D%3D&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-203842&rn=1&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Wed, 25 Jan 2023 07:02:42 GMT
Expires: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1104
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgPuCFKphELTtO44NOVaWKryD642y4z17XohiXEmRVRPUCIQD72CCVvBrxXqJoXyj9UFjaxTh6BHs-ami5XINZ5I0hsA%3D%3D&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-72492&rn=2&rbuf=0
91.90.45.173200 OK 1.0 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgPuCFKphELTtO44NOVaWKryD642y4z17XohiXEmRVRPUCIQD72CCVvBrxXqJoXyj9UFjaxTh6BHs-ami5XINZ5I0hsA%3D%3D&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-72492&rn=2&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1023), with no line terminators
Hash 61773c5aae0a2a719b7c8f7159cd61a0
faa1bc9de00063a7154a004834f07513785ab9e1
4e7876a849747f6d6551e26d91c2a548295820ee6bf5b4bfe3d48665f63771fa
POST /videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&mh=Du&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynld&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1322500&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&mt=1674629819&fvip=3&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIgPuCFKphELTtO44NOVaWKryD642y4z17XohiXEmRVRPUCIQD72CCVvBrxXqJoXyj9UFjaxTh6BHs-ami5XINZ5I0hsA%3D%3D&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&range=0-72492&rn=2&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Wed, 25 Jan 2023 07:02:42 GMT
Expires: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1023
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 90a16761cdfd9164f6c03bf9af507b33
ee0545b7aaa0a1b6b080cc23809b7e849982a664
5dd9e75ceeb43db70a47d43e769dc91527e1082eb5a28c127b26fc2253dc0dd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6c548b859c03eb6b16820da8b5ac46f6
d650d43bef2a3b2c9d9d70eaa0d2921fef7141e4
686978b332353db565f316ecd476cf99fcdf953eea374ecb51ee4cefad96f0b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6c548b859c03eb6b16820da8b5ac46f6
d650d43bef2a3b2c9d9d70eaa0d2921fef7141e4
686978b332353db565f316ecd476cf99fcdf953eea374ecb51ee4cefad96f0b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr3---sn-5go7ynld.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKQBFD2q2YdluJcH11VyJWv9x3basyPVBo_jPeh0knjjAiEAiksHFbWyE060FKhuJAENvd6V1rxO1wwHFn_Juv8mtSE%3D&range=0-72492&rn=3&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o=
74.125.111.72200 OK 72 kB URL HTTP/1.1 rr3---sn-5go7ynld.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKQBFD2q2YdluJcH11VyJWv9x3basyPVBo_jPeh0knjjAiEAiksHFbWyE060FKhuJAENvd6V1rxO1wwHFn_Juv8mtSE%3D&range=0-72492&rn=3&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o=
IP 74.125.111.72:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash cf92b4d6b598fb9df411ec3a23b0905e
b61bb793d6ef38ac7292a8ce490c717521ccd0ff
faad5f0dc4b6e10781112100ccfe026be4b61ca4c19f405aab292c13c84be19c
POST /videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=251&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=audio%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=69283349&dur=3767.161&lmt=1622994040313449&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRQIgYjBhSOl8LbHfY8YsMODi-P1fq-ilkqJbPN5mGzgAB9YCIQDg1IfuiYjMZSAbSCbZ97gaL-H_DwnMRSRWUnnUto_VYg%3D%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKQBFD2q2YdluJcH11VyJWv9x3basyPVBo_jPeh0knjjAiEAiksHFbWyE060FKhuJAENvd6V1rxO1wwHFn_Juv8mtSE%3D&range=0-72492&rn=3&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o= HTTP/1.1
Host: rr3---sn-5go7ynld.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sun, 06 Jun 2021 15:40:40 GMT
Content-Type: audio/webm
Date: Wed, 25 Jan 2023 07:02:42 GMT
Expires: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 72493
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6c548b859c03eb6b16820da8b5ac46f6
d650d43bef2a3b2c9d9d70eaa0d2921fef7141e4
686978b332353db565f316ecd476cf99fcdf953eea374ecb51ee4cefad96f0b4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr3---sn-5go7ynld.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgKJcSIDMWhaT-iW4c0q-F0FJMEDWIXKBotL6wPKE5MTYCIQCQpNefrfXk-jg0Ldu0bCznXllRvP0tzwqXTqQ3cHkhVw%3D%3D&range=0-203842&rn=4&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o=
74.125.111.72200 OK 204 kB URL HTTP/1.1 rr3---sn-5go7ynld.googlevideo.com/videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgKJcSIDMWhaT-iW4c0q-F0FJMEDWIXKBotL6wPKE5MTYCIQCQpNefrfXk-jg0Ldu0bCznXllRvP0tzwqXTqQ3cHkhVw%3D%3D&range=0-203842&rn=4&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o=
IP 74.125.111.72:0
File type WebM\012- EBML file, creator webmB\20\012- data
Size 204 kB (203843 bytes)
Hash 4f55422b592a555098c95e7876e8e26d
384fc4111025eda1f98e2e0caf06d37f7215cb8e
0f963141965c1966144e2a5267273d2deea1345065914846286249f31babde8e
POST /videoplayback?expire=1674651761&ei=EdTQY5fgK6OIyAX4mamIDw&ip=91.90.42.154&id=o-ABGSg7LxTCAATu4FNMIUekDGbyBFJzpDT0qoVmC_z0an&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=H3gIhnZufJQpZ8Nu9S64BP4fzeymOig&vprv=1&mime=video%2Fwebm&ns=U3xxM7rO9ZH8MJFhOsMiq8AL&gir=yes&clen=171309397&dur=3767.137&lmt=1622994084330396&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5432434&n=niSXW4gdJ_rb2Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&alr=yes&sig=AOq0QJ8wRgIhAPaafdnKaSdvJGcp7FYstJ6dotg2Y9Nn0HCkP3oIWxVnAiEA7faf38DlS-rqxDaohGpmdIw02IKfJ3NemNu-z09PDn0%3D&cpn=IHTybt55LJQYXzRL&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Du&mm=29&mn=sn-5go7ynld&ms=rdu&mt=1674630069&mv=m&mvi=3&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgKJcSIDMWhaT-iW4c0q-F0FJMEDWIXKBotL6wPKE5MTYCIQCQpNefrfXk-jg0Ldu0bCznXllRvP0tzwqXTqQ3cHkhVw%3D%3D&range=0-203842&rn=4&rbuf=0&pot=Dz60dXOqP3UrPozIv4PkWEjg78QSXHKcMWofhk4Lz2i-aRdiTLyeUPNTRFk0ZD6pJj_oqkg9R7Kfy6XNvVsNuzpgocwsoE9YxXsNDVrrg24Bml4A94KMO0tWHDW8mow5tXZQr8o= HTTP/1.1
Host: rr3---sn-5go7ynld.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sun, 06 Jun 2021 15:41:24 GMT
Content-Type: video/webm
Date: Wed, 25 Jan 2023 07:02:42 GMT
Expires: Wed, 25 Jan 2023 07:02:42 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 203843
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
therestolin.com/video.php?aff_id=5154&subid=mw1gia0124restolin
188.114.97.1200 OK 0 B URL HTTP/2 therestolin.com/video.php?aff_id=5154&subid=mw1gia0124restolin
IP 188.114.97.1:0
GET /video.php?aff_id=5154&subid=mw1gia0124restolin HTTP/1.1
Host: therestolin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://emdlvr.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:39 GMT
content-type: text/html
x-amz-id-2: 28TSPc73PjSf6ukxuN2TiUkxotNezG3w8GJeSgkZ39Z6SBoOFSpI50JuA4hvnfuv+zIMe3zdcKs=
x-amz-request-id: 8MQXQWYTTZP93SGB
last-modified: Thu, 17 Nov 2022 07:51:53 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DhwpN37Fqbgv8Zh7jNPqKSovRqrZs0%2FhhSALVwBk3kSc77OC5QZsEXor%2FBzCgrrDo%2B9idNp7kgCgV8xSPj3OQmqdxJAu7nb2%2BUKmF%2Fv24wAGZbx5sOZse9XCULCJU4aM1I0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ef24ffeb130b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vdlvry.com/videoboxes/universal_player/player.js
188.114.96.1200 OK 0 B URL HTTP/2 vdlvry.com/videoboxes/universal_player/player.js
IP 188.114.96.1:0
GET /videoboxes/universal_player/player.js HTTP/1.1
Host: vdlvry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:39 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=28382
etag: W/"61f557d4f0aef449f8f99268be0fc926"
last-modified: Fri, 20 Jan 2023 14:14:37 GMT
x-amz-id-2: tUxDcpVmOWcTJJIduB1QsQ0gQl4SFEOnHAncY9YJNhWF0lBljyCz7E652UYzC8tr4H5iBIZdBwA=
x-amz-request-id: 0V5A1KSM75YFXBP7
cache-control: max-age=14400
cf-cache-status: HIT
age: 405877
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzO715dy0eleX1Uv2myadDzU6xOtywI00PGk%2Fi0fdrI8KcrWgbtjnF3MoaG%2BgoaN5%2FZj700YXG7QiOA8eNYzi00Fn7WtrMkq%2BTghNw4l3djOqme7hNu18%2BF5Yore"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ef2502799cb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
vdlvry.com/setups/RES/main.json
188.114.96.1200 OK 0 B URL HTTP/2 vdlvry.com/setups/RES/main.json
IP 188.114.96.1:0
GET /setups/RES/main.json HTTP/1.1
Host: vdlvry.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://therestolin.com
Connection: keep-alive
Referer: https://therestolin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:40 GMT
content-type: application/json
x-amz-id-2: UFYaRi/f0gsbq0MePOIEzmE4tX3wurqCYfRvSWHen0bYnNnc3OHhtTDgZ+fl1WW2DKO0NwwLVWc=
x-amz-request-id: E15JWAVRV8K75G0F
access-control-allow-origin: *
access-control-allow-methods: GET, POST
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 20 Jan 2023 14:14:30 GMT
etag: W/"a027043e14c2b5eaf084c49719a64a28"
cache-control: max-age=14400
cf-cache-status: HIT
age: 35151
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dJ4cOjwaZrIZ4FiWIlsBZasrgx2iavf7ZC7N9HjexS6hvm4iuQIW4AeT54lBKnV9xeahyhw3mMyLVu%2FhwvQmF2Ro9crPHrJWjmcycOJJu0QpuC9N4YCMrrW548d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ef25040ac0b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
emdlvr.com/oj2z
172.67.187.198200 OK 0 B IP 172.67.187.198:0
Analyzer Verdict Alert fortinet Phishing
GET /oj2z HTTP/1.1
Host: emdlvr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 07:02:39 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
x-robots-tag: noindex, nofollow
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 07 Jul 1777 07:07:07 GMT
x-redirect-powered-by: Pretty Link Executive 3.2.6 http://prettylink.com
set-cookie: prli_click_139=oj2z; expires=Fri, 24-Feb-2023 07:02:39 GMT; Max-Age=2592000; path=/
prli_visitor=63d0d40f1f1c7; expires=Thu, 25-Jan-2024 07:02:39 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnFxmIkx7oZXH8Y0JY6stn7%2F4Yx%2B47ThPYBMlGT%2FqyCGRKjgQFjmiNyZghDj1PgRlJr%2BvLBVpDNPyIwZ4MxGZ2bkJW8g0jY9yzqIf5aRkDyCxdrmU7ykBdx%2FYYKI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ef24fdca18b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2