quick-exchange.com/
5.181.161.21301 Moved Permanently 235 B IP 5.181.161.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b2ee2da5a1f12f2c77c86bdc587b7807
10f89bfafe5f8aed31389bb945c049c9a29c8477
e18e00c93f091b9f97861042c5c298cdaef3f77600e5fa90039ba254cb458531
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: quick-exchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: text/html; charset=iso-8859-1
content-length: 235
location: https://quick-exchange.com/
x-host: quick-exchange.com
x-tilda-server: 13
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4747
Expires: Fri, 11 Nov 2022 19:42:55 GMT
Date: Fri, 11 Nov 2022 18:23:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4825
Cache-Control: max-age=149284
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:48 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:51:52 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 11 Nov 2022 17:43:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2394
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3537
Expires: Fri, 11 Nov 2022 19:22:45 GMT
Date: Fri, 11 Nov 2022 18:23:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7d1f8ZycjGDO1tVIXG8btyaJXz2H/K+lNRkgYONQYi5a76DKZpb19/UBXDqwovDdFgsMjAvtz30=
x-amz-request-id: TJ1NSCTWYYZXTZ0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 11 Nov 2022 18:12:40 GMT
age: 668
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85e01d3c4a6e6d6717d96cbb6b3752e6
6bbc1d44f84882acf1144454b80f3809d955515d
aebfc23e650a5012dd552df2043b9ca706268e3011723ad42a09b8a53094d845
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEBFC23E650A5012DD552DF2043B9CA706268E3011723AD42A09B8A53094D845"
Last-Modified: Fri, 11 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Sat, 12 Nov 2022 00:22:59 GMT
Date: Fri, 11 Nov 2022 18:23:48 GMT
Connection: keep-alive
quick-exchange.com/
5.181.161.21200 OK 8.7 kB IP 5.181.161.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7586)
Hash 87dd0b7aba014e3ec3c8195566986522
e402761e64fb43508f80328b9fc6ef1af71d1f16
9d3b1dcea86d5878c8ee2d8eee6be63f51b94a972ad9a30c83a07972d110c457
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: quick-exchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: text/html; charset=UTF-8
content-length: 8659
last-modified: Fri, 11 Nov 2022 07:42:52 GMT
etag: "cc89-5ed2d098811bf-gzip"
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-host: quick-exchange.com
accept-ranges: bytes
x-tilda-server: 9
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Last-Modified, ETag, Alert, Backoff, Content-Type, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 11 Nov 2022 17:44:48 GMT
cache-control: public,max-age=3600
age: 2340
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
quick-exchange.com/tilda-blocks-page29969007.min.css?t=1668152572
5.181.161.21200 OK 2.8 kB URL HTTP/2 quick-exchange.com/tilda-blocks-page29969007.min.css?t=1668152572
IP 5.181.161.21:0
File type ASCII text, with very long lines (11731), with no line terminators
Hash 803fc13a2f3c0060c2ee1afb7eb6a9de
ea83880c173fdeeaa4913cf652907db0416d586f
b5754423a777a6188c1a0efaa5f374332bb59f32f83ce22fa4d33ebc15004728
Analyzer Verdict Alert fortinet Phishing
GET /tilda-blocks-page29969007.min.css?t=1668152572 HTTP/1.1
Host: quick-exchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: text/css
content-length: 2812
last-modified: Fri, 11 Nov 2022 07:42:52 GMT
etag: "2dd3-5ed2d0989d61d-gzip"
vary: Accept-Encoding
content-encoding: gzip
x-host: quick-exchange.com
accept-ranges: bytes
x-tilda-server: 9
X-Firefox-Spdy: h2
quick-exchange.com/tilda-blocks-page29969007.min.js?t=1668152572
5.181.161.21200 OK 2.3 kB URL HTTP/2 quick-exchange.com/tilda-blocks-page29969007.min.js?t=1668152572
IP 5.181.161.21:0
File type ASCII text, with very long lines (1343)
Hash 2877bd4730445506faac9e7ec07c1fe4
f0e55c8aa0acc9229d0720e215a3f3e55845cc5d
672fea34526cd569d63d0e29a4ebe327301243be192760c5d77dab3650a31461
Analyzer Verdict Alert fortinet Phishing
GET /tilda-blocks-page29969007.min.js?t=1668152572 HTTP/1.1
Host: quick-exchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript
content-length: 2349
last-modified: Fri, 11 Nov 2022 07:42:52 GMT
etag: "20d8-5ed2d098a46cd-gzip"
vary: Accept-Encoding
content-encoding: gzip
x-host: quick-exchange.com
accept-ranges: bytes
x-tilda-server: 9
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 17fb6d512cdcfdb54013f12928631063
8509d7e3e505f01b26c1aaa240649c1192e540a2
7cd49466fe4268e24d13e719f4d93dd1e214e28e83768120c200b5f6a97fe7b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 12:05:10 GMT
Expires: Wed, 16 Nov 2022 12:05:09 GMT
Etag: "8509d7e3e505f01b26c1aaa240649c1192e540a2"
Cache-Control: max-age=408680,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76890faa7e250b06-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 17fb6d512cdcfdb54013f12928631063
8509d7e3e505f01b26c1aaa240649c1192e540a2
7cd49466fe4268e24d13e719f4d93dd1e214e28e83768120c200b5f6a97fe7b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 12:05:10 GMT
Expires: Wed, 16 Nov 2022 12:05:09 GMT
Etag: "8509d7e3e505f01b26c1aaa240649c1192e540a2"
Cache-Control: max-age=408680,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76890faab89d0b65-OSL
static.tildacdn.com/img/tildacopy.png
92.223.97.97200 OK 819 B URL HTTP/2 static.tildacdn.com/img/tildacopy.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 60 x 60, 8-bit colormap, non-interlaced\012- data
Hash 008f3580b6c16d8902b62bf0982176c8
aed272653b94904393ed90cffa74d1a9177b716a
feaa79fd393600ae251d35df414fc9c5633674b6104a52cdfdfe1b449f2aa15a
GET /img/tildacopy.png HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: image/png
content-length: 819
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
etag: "008f3580b6c16d8902b62bf0982176c8"
last-modified: Mon, 05 Feb 2018 10:39:56 GMT
x-timestamp: 1517827195.55446
x-trans-id: 151067cae4967598
age: 253
tserver: 9
cache: HIT, HIT
x-cached-since: 2022-07-22T10:03:23+00:00, 2022-09-20T13:50:02+00:00
x-id: m9-up-gc58, sto5-up-gc14
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4076
Cache-Control: max-age=143460
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:48 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 10:14:48 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 17fb6d512cdcfdb54013f12928631063
8509d7e3e505f01b26c1aaa240649c1192e540a2
7cd49466fe4268e24d13e719f4d93dd1e214e28e83768120c200b5f6a97fe7b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 12:05:10 GMT
Expires: Wed, 16 Nov 2022 12:05:09 GMT
Etag: "8509d7e3e505f01b26c1aaa240649c1192e540a2"
Cache-Control: max-age=408679,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76890faa78730b65-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 17fb6d512cdcfdb54013f12928631063
8509d7e3e505f01b26c1aaa240649c1192e540a2
7cd49466fe4268e24d13e719f4d93dd1e214e28e83768120c200b5f6a97fe7b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 12:05:10 GMT
Expires: Wed, 16 Nov 2022 12:05:09 GMT
Etag: "8509d7e3e505f01b26c1aaa240649c1192e540a2"
Cache-Control: max-age=408679,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76890faa7a751c0e-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 17fb6d512cdcfdb54013f12928631063
8509d7e3e505f01b26c1aaa240649c1192e540a2
7cd49466fe4268e24d13e719f4d93dd1e214e28e83768120c200b5f6a97fe7b8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 12:05:10 GMT
Expires: Wed, 16 Nov 2022 12:05:09 GMT
Etag: "8509d7e3e505f01b26c1aaa240649c1192e540a2"
Cache-Control: max-age=408679,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76890faa89e4b529-OSL
push.services.mozilla.com/
54.188.211.138101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.188.211.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s60d8HeQskhMRnnmawN9ag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7IQbr/g7HcpZ9q9kMAjPLlFkf30=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 024e38c6915f7e2a870ef01283bdb9c3
a192414e4c370a3ccf9c67f7ca05a616bc9ed2de
35535ece2133c75fbe0872811d9536c4284061e94a39614ca25cf7100bae7bdb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35535ECE2133C75FBE0872811D9536C4284061E94A39614CA25CF7100BAE7BDB"
Last-Modified: Fri, 11 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Sat, 12 Nov 2022 00:22:51 GMT
Date: Fri, 11 Nov 2022 18:23:49 GMT
Connection: keep-alive
www.belursus.com/static/side_script/tracker.js
137.184.3.140200 OK 404 B URL HTTP/1.1 www.belursus.com/static/side_script/tracker.js
IP 137.184.3.140:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (710), with no line terminators
Hash b0428f22ed43e04744a80d3fd506d424
8169325df5f80eb23efcb28c0b06ef6a92299a39
b4ca30a0ec68fc9a82b14d207c4c805631a2ee3a42b6d389bf11c1d51e49829c
GET /static/side_script/tracker.js HTTP/1.1
Host: www.belursus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 11 Nov 2022 18:23:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
Last-Modified: Sat, 05 Nov 2022 16:53:38 GMT
ETag: W/"2c6-18448b64f15"
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://quick-exchange.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 19:34:08 GMT
expires: Thu, 09 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 168581
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-phone-mask-1.1.min.js
92.223.97.97200 OK 25 kB URL HTTP/2 static.tildacdn.com/js/tilda-phone-mask-1.1.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (29482), with no line terminators
Hash d647168106f058be4fb2e0b852b9a52f
07c3099ea89b349425cd952220f7a551bd99c51f
f4b8fde03c59eb15162697ade564248c6841f9e542680862b86adedbfa7f15b3
GET /js/tilda-phone-mask-1.1.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 11 Nov 2022 09:13:42 GMT
etag: W/"636e1246-751e"
tserver: 9
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-11-11T09:13:50+00:00, 2022-11-11T09:13:52+00:00
x-id: m9-up-gc46, sto5-up-gc14
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 05bb9af901ca5b651e88fcbe236711f5
18412da7fc2d868fc74bc3e7c44b4add4bbbdef9
9b87e90e4f5356da47fd562f7d06c8fbdef90d011e8c20e5687afbeaf6e7d29b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.tildacdn.com/img/tildafavicon.ico
92.223.97.97200 OK 2.2 kB URL HTTP/2 static.tildacdn.com/img/tildafavicon.ico
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 32 x 32, 16-bit/color RGBA, non-interlaced\012- data
Hash d907a5025d4b2052dcc840cf3a1b051d
7673cf03fbc1948310d3f839dfec7662988dea5a
28597d2ee76f58aff78d5236916ff1fef75f247ccb635fa49bb53d1eec9d3c82
GET /img/tildafavicon.ico HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: image/x-icon
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma, Etag, X-Timestamp, X-Trans-Id, X-Openstack-Request-Id, Content-Length, Accept-Ranges, Expires, Cache-Control
cache-control: public
etag: W/"539cb98730871486358e58b899ac739e"
last-modified: Tue, 08 Nov 2016 15:22:15 GMT
x-timestamp: 1478618534.90060
age: 199663
tserver: 10
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-08-18T20:41:50+00:00, 2022-10-17T09:17:12+00:00
x-id: m9-up-gc52, sto5-up-gc10
X-Firefox-Spdy: h2
static.tildacdn.com/css/tilda-grid-3.0.min.css
92.223.97.97200 OK 16 kB URL HTTP/2 static.tildacdn.com/css/tilda-grid-3.0.min.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (4112), with no line terminators
Hash c5999eb842e80f1ee849601b0e276bd1
3bd39171e8acb849355d6f10b945a5b71d1803b2
338b8d09cb89d4da04e0ae4a3e4cd76256bf3c08b7c9616a86ddc60e82740068
GET /css/tilda-grid-3.0.min.css HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 18 Mar 2021 12:08:37 GMT
etag: W/"605342c5-1010"
tserver: 11
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-08-03T14:02:23+00:00, 2022-09-13T16:14:36+00:00
x-id: m9-up-gc58, sto5-up-gc12
X-Firefox-Spdy: h2
www.youtube.com/s/player/c4225c42/www-player.css
142.250.74.142200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/c4225c42/www-player.css
IP 142.250.74.142:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 37393b2e4e70f3fac5dfa2c993352c39
541dad400eda83451bf1806bc750f9f3354d5330
feabbcd01808e9c02f35851ed15aa5edd605a6e69c855229633360775bc21325
GET /s/player/c4225c42/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/2D_waOuMUho?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49779
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 15:44:34 GMT
expires: Fri, 10 Nov 2023 15:44:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
content-type: text/css
age: 95955
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-popup-1.0.min.js
92.223.97.97200 OK 16 kB URL HTTP/2 static.tildacdn.com/js/tilda-popup-1.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (2329)
Hash 9c8726b0a325220f615c8c5bc736b85e
a3a4f4e8fbb8aca1f2ea7d81953dbea8963a7188
fa973e728119369da7486e0f48dc5282e7bc9a410b01e25953715778c159c44d
GET /js/tilda-popup-1.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 14 Oct 2022 12:38:44 GMT
etag: W/"63495854-91a"
tserver: 11
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-10-14T12:38:51+00:00, 2022-10-26T15:42:33+00:00
x-id: m9-up-gc58, sto5-up-gc13
X-Firefox-Spdy: h2
www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js
142.250.74.142200 OK 98 kB URL HTTP/2 www.youtube.com/s/player/c4225c42/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (679)
Hash 26abdee2f7fda61acfbceef73f936a78
58ddf48c21798f2dc309ba38d8432949be2f837b
8a340b331b69b7fff9df67bea03c42248219e5928cb5a662a58da0c4a0df0fd1
GET /s/player/c4225c42/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/2D_waOuMUho?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 98145
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 17:54:12 GMT
expires: Tue, 07 Nov 2023 17:54:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
content-type: text/javascript
age: 347377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-forms-1.0.min.js
92.223.97.97200 OK 15 kB URL HTTP/2 static.tildacdn.com/js/tilda-forms-1.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (58660)
Hash e0521d2741afb80b6ddd2b12cf84907a
eae536aff1e23b067bd47c556cddca5386c6834d
72066a43d7fcdaeeb33d7584ad440a8ee041bb7d8f1c657aed6913a755680b2e
GET /js/tilda-forms-1.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 20 Sep 2022 18:31:49 GMT
etag: W/"632a0715-ef31"
tserver: 8
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-09-20T18:38:29+00:00, 2022-09-26T09:31:19+00:00
x-id: m9-up-gc52, sto5-up-gc14
X-Firefox-Spdy: h2
neo.tildacdn.com/js/tilda-fallback-1.0.min.js
162.55.188.142200 OK 3.6 kB URL HTTP/2 neo.tildacdn.com/js/tilda-fallback-1.0.min.js
IP 162.55.188.142:0
ASN #24940 Hetzner Online GmbH
Hash 80ae30d3584ead44702de740d09b5bdf
cf03bdc620c50fbb35db78082c378eed3b7ffc2b
0982f1bd535acc857ce505c364ebb6cd0762e0dbb6927868ef1f22dd91ac9aa6
GET /js/tilda-fallback-1.0.min.js HTTP/1.1
Host: neo.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 15:15:31 GMT
etag: W/"63209e93-77e"
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-events-1.0.min.js
92.223.97.97200 OK 17 kB URL HTTP/2 static.tildacdn.com/js/tilda-events-1.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (13712), with no line terminators
Hash eb1881795295f325911ee6898fa6a798
d784fd90a1df902f292998a1b0dcbd1b07db70a7
49f2ca680aab67b8c789ccb9fa1fb59347b629ae40215e1a553e3e68f7b9613a
GET /js/tilda-events-1.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 07 Oct 2022 16:20:46 GMT
etag: W/"634051de-3590"
tserver: 10
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-10-07T16:20:53+00:00, 2022-10-07T16:20:53+00:00
x-id: m9-up-gc66, sto5-up-gc15
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild3337-3832-4336-b263-633838306534/-/resize/686x/-/format/webp/1a.jpg
92.223.97.97200 OK 7.7 kB URL HTTP/2 thumb.tildacdn.com/tild3337-3832-4336-b263-633838306534/-/resize/686x/-/format/webp/1a.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 636x96, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash be7cd2168562956290ffcf5e33e9bfbb
9421c5eca5d4e073f048c880b8bcdb7c62677d61
eb7524bb01bdea5213b3d3c2f74f4f6f2c134740b83a64c285233fd33bad2188
GET /tild3337-3832-4336-b263-633838306534/-/resize/686x/-/format/webp/1a.jpg HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/jpeg
content-length: 7664
last-modified: Fri, 11 Nov 2022 05:32:04 GMT
etag: "636dde54-1df0"
x-tilda-server: 2
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9-up-gc46, sto5-up-gc11
accept-ranges: bytes
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-zero-video-1.0.min.js
92.223.97.97200 OK 3.6 kB URL HTTP/2 static.tildacdn.com/js/tilda-zero-video-1.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (2891), with no line terminators
Hash c0216844d810759ef739c5f94cfab2cd
7a471f8b3d50a46550338e61c80b1e41883659d5
555f38e6671c93fa6334b6433bc894e2a78feb133ac1f4bf0fcfb0e8d66e477d
GET /js/tilda-zero-video-1.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 07 Sep 2022 08:23:37 GMT
etag: W/"63185509-b4b"
tserver: 11
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-09-08T08:51:54+00:00, 2022-09-14T13:06:25+00:00
x-id: m9-up-gc52, sto5-up-gc12
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild3331-3663-4330-b333-666133323038/-/resize/301x/-/format/webp/photo-c.jpg
92.223.97.97200 OK 21 kB URL HTTP/2 thumb.tildacdn.com/tild3331-3663-4330-b333-666133323038/-/resize/301x/-/format/webp/photo-c.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 301x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9086ddc0627cd714e7b07096bd1a4df7
46c62ca3361c48e9e161ba2d74e537885c118235
1fc5e5d2237579edeb1278f0149cd356dee6269cf607da6fcc00697e59901abf
GET /tild3331-3663-4330-b333-666133323038/-/resize/301x/-/format/webp/photo-c.jpg HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/jpeg
content-length: 20816
last-modified: Fri, 11 Nov 2022 05:32:04 GMT
etag: "636dde54-5150"
x-tilda-server: 2
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9p-up-gc37, sto5-up-gc11
accept-ranges: bytes
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild3934-6239-4438-a139-373135656230/-/format/webp/22222.png
92.223.97.97200 OK 25 kB URL HTTP/2 thumb.tildacdn.com/tild3934-6239-4438-a139-373135656230/-/format/webp/22222.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1091x124, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e2d980f313c1a704d3381db293abde76
5b0de834695359264fae4d7f66d5d9443a1667b1
ad7634f515d4aef73e87ab6791ed84e17fbdccb4c2e1934b289cda0e32ee83bb
GET /tild3934-6239-4438-a139-373135656230/-/format/webp/22222.png HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/png
content-length: 25226
last-modified: Fri, 11 Nov 2022 05:31:18 GMT
etag: "636dde26-628a"
x-tilda-server: 1
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9-up-gc46, sto5-up-gc13
accept-ranges: bytes
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild6133-6566-4837-b932-656264383865/-/resize/297x/-/format/webp/photo-r.jpg
92.223.97.97200 OK 20 kB URL HTTP/2 thumb.tildacdn.com/tild6133-6566-4837-b932-656264383865/-/resize/297x/-/format/webp/photo-r.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 297x237, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f7c67b55db9c792a623910282b5a1cfa
1b1c88ea1929e84ea95a9b790edc00ac72c14cfa
aa9ef9aa3104b92eb67747c74c6bcc26777beaa01ba3d78e8d952a139b11170a
GET /tild6133-6566-4837-b932-656264383865/-/resize/297x/-/format/webp/photo-r.jpg HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/jpeg
content-length: 19934
last-modified: Fri, 11 Nov 2022 05:31:20 GMT
etag: "636dde28-4dde"
x-tilda-server: 1
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9p-up-gc37, sto5-up-gc11
accept-ranges: bytes
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild3437-6664-4366-a535-363735383566/-/resize/160x/-/format/webp/3photo_2022-07-28_13.jpg
92.223.97.97200 OK 5.2 kB URL HTTP/2 thumb.tildacdn.com/tild3437-6664-4366-a535-363735383566/-/resize/160x/-/format/webp/3photo_2022-07-28_13.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 160x88, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d54909408a0b545b462665c45fc354e9
c3869af9105c22730473c04cf2ffb2d2aa6d51e8
8c3e8ccc8a438451f218a3955fa082860d426dd3392bd2d28ceff94317cf1786
GET /tild3437-6664-4366-a535-363735383566/-/resize/160x/-/format/webp/3photo_2022-07-28_13.jpg HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/jpeg
content-length: 5154
last-modified: Fri, 11 Nov 2022 05:30:09 GMT
etag: "636ddde1-1422"
x-tilda-server: 2
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9-up-gc46, sto5-up-gc14
accept-ranges: bytes
X-Firefox-Spdy: h2
thumb.tildacdn.com/tild3839-6135-4636-b135-623934626336/-/resize/304x/-/format/webp/photo-f.jpg
92.223.97.97200 OK 15 kB URL HTTP/2 thumb.tildacdn.com/tild3839-6135-4636-b135-623934626336/-/resize/304x/-/format/webp/photo-f.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 304x243, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c86868f6df976a90f7b8697c73f5f476
81f568a3b5419f3d26d90913d911d10cf581014b
66285a72db3e211853c797a38c343ad5d834dd5034dc432d48e4020789d7ff0b
GET /tild3839-6135-4636-b135-623934626336/-/resize/304x/-/format/webp/photo-f.jpg HTTP/1.1
Host: thumb.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: image/jpeg
content-length: 15442
last-modified: Fri, 11 Nov 2022 05:31:20 GMT
etag: "636dde28-3c52"
x-tilda-server: 3
access-control-allow-origin: *
cache: MISS, MISS
x-id: m9p-up-gc37, sto5-up-gc12
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&subset=latin,cyrillic
142.250.74.10200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&subset=latin,cyrillic
IP 142.250.74.10:0
Hash 419aba4479918b5e94c32b5a8a088559
b5b4100b3cfb0f8c3a70f19625b001367a6611a8
c02aaaf075f25b3a1c335bb85016364b9c0994bf4f75831f65670561c545f6e3
GET /css2?family=Roboto:wght@300;400;500;700&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 11 Nov 2022 18:23:48 GMT
date: Fri, 11 Nov 2022 18:23:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash b5c02423b4932343467a4395820d995b
385483671c21d4a37ee28e7c26e8cc198342c7bc
6bd8edc328d729a185f6d4e8fdc03e00bba73c92f941c232ffaeeb5a180c9c16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Nov 2022 18:14:05 GMT
expires: Fri, 11 Nov 2022 18:29:05 GMT
cache-control: public, max-age=900
age: 585
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.66302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 11 Nov 2022 18:23:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7474
Expires: Fri, 11 Nov 2022 20:28:24 GMT
Date: Fri, 11 Nov 2022 18:23:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7474
Expires: Fri, 11 Nov 2022 20:28:24 GMT
Date: Fri, 11 Nov 2022 18:23:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7474
Expires: Fri, 11 Nov 2022 20:28:24 GMT
Date: Fri, 11 Nov 2022 18:23:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7474
Expires: Fri, 11 Nov 2022 20:28:24 GMT
Date: Fri, 11 Nov 2022 18:23:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90a78b0f806c0c5ef5e7128cc37b2edf
7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc
770a2247a0f8d6b44c61cecc8a11e9882e4dd39269e181eef52cf6816407022b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6696
x-amzn-requestid: 19f91da1-beeb-400a-b4c0-059851ca839f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ_F3doAMFr6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-2ef73e121ff2c3cf0e95b450;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: skH-uMPMGVOwM2RoMjuNh3YaYVIYhfytSdJ5-YFcH4GhUXyOKehfFA==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 04:30:07 GMT
age: 50023
etag: "7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ae1fe42d639643009ccee5a7ef770fd
d43bb27911013930ed09d9609a71d737e0838556
d5fc8515f49a0b90e083f6a6025c3dc71dba286e15d5b3f841772d60d2e68fb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5530631-4859-4685-8ab3-a5b1013cd2cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11527
x-amzn-requestid: a2a00c3d-12f7-412b-ba02-6bda7aa60586
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNfYZHXhIAMFVYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687902-593d2a380bac7a567af893d3;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:18:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -4aHIcRGJA05uxZs2HkLI5SBdino1x_a5dIH9soWfxKe1mVNhwpglA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 09:59:00 GMT
age: 30290
etag: "d43bb27911013930ed09d9609a71d737e0838556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash b5c02423b4932343467a4395820d995b
385483671c21d4a37ee28e7c26e8cc198342c7bc
6bd8edc328d729a185f6d4e8fdc03e00bba73c92f941c232ffaeeb5a180c9c16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash cc6bc0328a0b47b32c004162363f93e7
ea2e2e8dc44f9f53d1329b44683455b8cb95113b
0d8a3c793b15d06d3ad4d4d1b4a637711cda1aaf113443fa9137077ba5edf1b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 88c9931a009690991e73c5b37a1aa085
815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0
74e70391889e4b46742033b1d5daccfec415ba2ee999e429d1013fd4a1ebc61a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad1abae5-6437-44bf-8428-756b825e5be6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8294
x-amzn-requestid: 233f9724-1c36-426d-8299-1f6577a6e5e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4lmE60IAMF1Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e23-4b2763b42d8a57044dfa8144;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QaMTrn0ZUptFLGY0x7bytPsJZHnLvdpMnU0XGCBU2pkmiA4MO8DIUw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:56 GMT
etag: "815a4a1eb8c8e2a138fb3d65ba777b0c18fa15d0"
content-type: image/jpeg
age: 74214
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13f7b6eea163326da8c58ae5c09efccd
e0d1ebb35a16c686eae3d31eb85ac72278459b05
13f2f428acb7806808d957a8167ab2c139a5d0f59798671465717f2b39b914a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4094512-9a5a-47aa-9796-9f630fb1c13f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8581
x-amzn-requestid: 385174fe-153f-448f-be5e-9ea3b5757ff9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bZ4u1EYOIAMFncA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636d6e5e-6084a34f58df22037275e676;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 21:34:22 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xSnHWpFlXeyf08gYjPn02H88Hta9fhiDjDOukoKtt6PPVBl_gNTfgw==
via: 1.1 dfc972676b24a6d23251d4f298dfa08c.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:46:56 GMT
age: 74214
etag: "e0d1ebb35a16c686eae3d31eb85ac72278459b05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 07:47:38 GMT
age: 38172
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f29164fb4dd64d9ce60566fbebd40f0a
96de8f2627e1103c5e6beb5d64cdbc09f97fce82
8eba6095edfed1ee1402c050727f81b8a9942625fd1c9cbb3bac4e51ee178577
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c9847f2-3b5e-4950-9792-a512af36da58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6517
x-amzn-requestid: 78eb1490-4afb-497e-9dbd-afd6ddf9cc48
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG23pFPLoAMFxcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d1ca-4c9caca164576bfe07c9c05c;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:00:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zllrXRZmtjHqA98lS_q0Wtx5TeEh2cEy3tr_eGkozM_jWxTIA5d60g==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 21:48:34 GMT
age: 74116
etag: "96de8f2627e1103c5e6beb5d64cdbc09f97fce82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 11 Nov 2022 18:23:50 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash a158d920b2df709f144c06791fca253d
1d4e6f701f51f735ae498b83f790a0ba3b1e80bd
4af94ff04264c1e379f8ff9f8ca00aa780a169217df8a2d8f3baef859f4132fb
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 11 Nov 2022 18:23:50 GMT
server: ESF
cache-control: private
content-length: 30985
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash a7d7a5379a732fc5eadab78de886cc31
6df8c63644e97bf57262415f24e270c718e1758b
c355159cc937a19485f62cc446530f319749237e147adbb2c5784d1d2c20ed64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 7171d02d216ac649ab6e73f5337dfde4
e04e06ab17746f29d9135b7de044f18f0010058e
2ac7b22ebfeec974205fae0f553476fa49e4cbfb812212918490e937faf71250
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/4SYq0xIO-MK2Jr4OcNDxUBrGM44TY0h05pr7aY6Tf6c.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/4SYq0xIO-MK2Jr4OcNDxUBrGM44TY0h05pr7aY6Tf6c.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (35997)
Hash 0d39fb7048438d673bf4164bb65fbbcc
8be882770bc26b2ed49ef59322b82fe23cd8c6c2
edc6ea4d9294c971c4541d7b04425c364c75cd5a94b7a68203a63ac96b13ddf4
GET /js/th/4SYq0xIO-MK2Jr4OcNDxUBrGM44TY0h05pr7aY6Tf6c.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14246
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 16:22:42 GMT
expires: Tue, 07 Nov 2023 16:22:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 20 Oct 2022 10:30:00 GMT
content-type: text/javascript
age: 352868
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi/2D_waOuMUho/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC6AKKAgwIABABGGUgTChGMA8=&rs=AOn4CLDWbQfHUV7Uc9Uk1aZAOVLe1Cs9gg
216.58.207.214200 OK 41 kB URL HTTP/2 i.ytimg.com/vi/2D_waOuMUho/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC6AKKAgwIABABGGUgTChGMA8=&rs=AOn4CLDWbQfHUV7Uc9Uk1aZAOVLe1Cs9gg
IP 216.58.207.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 945b6b64acd07a4102ebc30fd15dc77c
0058113bd5724ed2e8f3d07d7cb253fdbb64767d
ac5057171cd20776f216020275364e2cd4f9c9faccb984f650cfa66c2949af6b
GET /vi/2D_waOuMUho/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC6AKKAgwIABABGGUgTChGMA8=&rs=AOn4CLDWbQfHUV7Uc9Uk1aZAOVLe1Cs9gg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 40640
date: Fri, 11 Nov 2022 18:23:50 GMT
expires: Fri, 11 Nov 2022 18:28:50 GMT
cache-control: public, max-age=300
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2b484dd308df8e6db63c8a4756196a74
67e9033dc689e7e2d85a42a8e2be90d61603e5d5
d577a50be0e13828691959a8704e414cef6fb8aa8636a1aaccf95e9165f9e788
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 7171d02d216ac649ab6e73f5337dfde4
e04e06ab17746f29d9135b7de044f18f0010058e
2ac7b22ebfeec974205fae0f553476fa49e4cbfb812212918490e937faf71250
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/H44RitbmTEpHjozpAX0NyuMbase3r7aarPdEeQfsaygQaTXqJu5WU8fnIeDa6EISViBl8PXB=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.7 kB URL HTTP/2 yt3.ggpht.com/H44RitbmTEpHjozpAX0NyuMbase3r7aarPdEeQfsaygQaTXqJu5WU8fnIeDa6EISViBl8PXB=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash b3300cbc42140580c0d2b137bc6aef74
8e511020da0abd0f2ee36bf9ba4996680094aa1e
e252e830e49624517b049c38ebd9052936c390f5ad778499fe6f74762e593b91
GET /H44RitbmTEpHjozpAX0NyuMbase3r7aarPdEeQfsaygQaTXqJu5WU8fnIeDa6EISViBl8PXB=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sat, 12 Nov 2022 18:23:50 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Fri, 11 Nov 2022 18:23:50 GMT
server: fife
content-length: 3716
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 2b484dd308df8e6db63c8a4756196a74
67e9033dc689e7e2d85a42a8e2be90d61603e5d5
d577a50be0e13828691959a8704e414cef6fb8aa8636a1aaccf95e9165f9e788
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 11 Nov 2022 18:23:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 11 Nov 2022 18:23:51 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.202200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fdba03a17794df0844b330fa9b2f60a2
83bdd2b6999ff75ba99b7af94925b8550c4925d7
47fff7535e7a0f30efbed15ec1aa9c6c1246c75c4601187e93d3d0c077ceb38a
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 878
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 11 Nov 2022 18:23:51 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-stat-1.0.min.js
92.223.97.97200 OK 4.2 kB URL HTTP/2 static.tildacdn.com/js/tilda-stat-1.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (8721), with no line terminators
Hash 24cd84a34ccc03fd9e1fc1f01159c483
ef3dd8b14ac8590f2f4e29e90c5ff55a3257f506
e81e8ea4d95348f25ea6a57af9150cb5c8286769b3cceb7dc67320b47e9d760b
GET /js/tilda-stat-1.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:51 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 07 Sep 2022 13:40:09 GMT
etag: W/"63189f39-2211"
tserver: 13
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-09-07T13:40:14+00:00, 2022-10-04T20:41:58+00:00
x-id: m9p-up-gc10, sto5-up-gc12
X-Firefox-Spdy: h2
sysstat.tildacdn.com/api/img/speed/?img_d=[{%22time%22:30,%22th%22:%22y%22},{%22time%22:60,%22th%22:%22y%22},{%22time%22:65,%22th%22:%22y%22},{%22time%22:67,%22th%22:%22y%22},{%22time%22:69,%22th%22:%22y%22},{%22time%22:74,%22th%22:%22y%22},{%22time%22:96,%22th%22:%22y%22},{%22time%22:94,%22th%22:%22y%22}]
5.188.159.120200 OK 2 B URL HTTP/1.1 sysstat.tildacdn.com/api/img/speed/?img_d=[{%22time%22:30,%22th%22:%22y%22},{%22time%22:60,%22th%22:%22y%22},{%22time%22:65,%22th%22:%22y%22},{%22time%22:67,%22th%22:%22y%22},{%22time%22:69,%22th%22:%22y%22},{%22time%22:74,%22th%22:%22y%22},{%22time%22:96,%22th%22:%22y%22},{%22time%22:94,%22th%22:%22y%22}]
IP 5.188.159.120:0
ASN #49505 OOO Network of data-centers Selectel
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /api/img/speed/?img_d=[{%22time%22:30,%22th%22:%22y%22},{%22time%22:60,%22th%22:%22y%22},{%22time%22:65,%22th%22:%22y%22},{%22time%22:67,%22th%22:%22y%22},{%22time%22:69,%22th%22:%22y%22},{%22time%22:74,%22th%22:%22y%22},{%22time%22:96,%22th%22:%22y%22},{%22time%22:94,%22th%22:%22y%22}] HTTP/1.1
Host: sysstat.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://quick-exchange.com
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:23:57 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
sysstat.tildacdn.com/api/performance/?{%22FP%22:2170,%22domInteractive%22:1618,%22DOMloaded%22:1715,%22isMob%22:%22n%22,%22hasZB%22:%22y%22,%22hasCCode%22:%22y%22,%22url%22:%22https://quick-exchange.com/%22}
5.188.159.120200 OK 2 B URL HTTP/1.1 sysstat.tildacdn.com/api/performance/?{%22FP%22:2170,%22domInteractive%22:1618,%22DOMloaded%22:1715,%22isMob%22:%22n%22,%22hasZB%22:%22y%22,%22hasCCode%22:%22y%22,%22url%22:%22https://quick-exchange.com/%22}
IP 5.188.159.120:0
ASN #49505 OOO Network of data-centers Selectel
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /api/performance/?{%22FP%22:2170,%22domInteractive%22:1618,%22DOMloaded%22:1715,%22isMob%22:%22n%22,%22hasZB%22:%22y%22,%22hasCCode%22:%22y%22,%22url%22:%22https://quick-exchange.com/%22} HTTP/1.1
Host: sysstat.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://quick-exchange.com
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Nov 2022 18:23:57 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
static.tildacdn.com/css/tilda-popup-1.1.min.css
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/css/tilda-popup-1.1.min.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /css/tilda-popup-1.1.min.css HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 25 Aug 2022 11:04:30 GMT
etag: W/"6307573e-941"
tserver: 8
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-08-25T11:54:05+00:00, 2022-10-05T09:39:12+00:00
x-id: m9p-up-gc10, sto5-up-gc11
X-Firefox-Spdy: h2
geo.tildacdn.com/geo/country/
193.3.17.195200 OK 0 B URL HTTP/2 geo.tildacdn.com/geo/country/
IP 193.3.17.195:0
ASN #210753 Tilda Publishing LLC
GET /geo/country/ HTTP/1.1
Host: geo.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://quick-exchange.com
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
x-tilda-server: 9
X-Firefox-Spdy: h2
www.youtube.com/s/player/c4225c42/player_ias.vflset/en_US/base.js
142.250.74.142200 OK 0 B URL HTTP/2 www.youtube.com/s/player/c4225c42/player_ias.vflset/en_US/base.js
IP 142.250.74.142:0
GET /s/player/c4225c42/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/2D_waOuMUho?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 588928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 18:54:47 GMT
expires: Thu, 09 Nov 2023 18:54:47 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
content-type: text/javascript
age: 170942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/jquery-1.10.2.min.js
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/js/jquery-1.10.2.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /js/jquery-1.10.2.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Sun, 25 Apr 2021 08:11:36 GMT
etag: W/"60852438-16b88"
tserver: 13
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-08-15T13:49:29+00:00, 2022-10-06T02:13:09+00:00
x-id: m9-up-gc52, sto5-up-gc10
X-Firefox-Spdy: h2
static.tildacdn.com/css/tilda-forms-1.0.min.css
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/css/tilda-forms-1.0.min.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /css/tilda-forms-1.0.min.css HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 08:51:25 GMT
etag: W/"634e690d-19eb"
tserver: 10
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-11-06T12:59:52+00:00, 2022-11-10T14:28:40+00:00
x-id: m9p-up-gc37, sto5-up-gc15
X-Firefox-Spdy: h2
static.tildacdn.com/js/lazyload-1.3.min.js
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/js/lazyload-1.3.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /js/lazyload-1.3.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 09 Nov 2022 13:47:45 GMT
etag: W/"636baf81-4d91"
tserver: 13
content-encoding: br
cache: BYPASS, HIT
x-cached-since: 2022-11-04T10:55:52+00:00, 2022-11-09T13:47:52+00:00
x-id: m9-up-gc46, sto5-up-gc11
X-Firefox-Spdy: h2
www.youtube.com/embed/2D_waOuMUho?
142.250.74.142200 OK 0 B URL HTTP/2 www.youtube.com/embed/2D_waOuMUho?
IP 142.250.74.142:0
GET /embed/2D_waOuMUho? HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 11 Nov 2022 18:23:49 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=jg0oWpY4yAk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Ek-t_1q4tcc; Domain=.youtube.com; Expires=Wed, 10-May-2023 18:23:49 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+175; expires=Sun, 10-Nov-2024 18:23:49 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-scripts-3.0.min.js
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/js/tilda-scripts-3.0.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /js/tilda-scripts-3.0.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:48 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 21 Sep 2022 11:45:44 GMT
etag: W/"632af968-3618"
tserver: 13
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-09-21T11:45:55+00:00, 2022-09-21T11:45:57+00:00
x-id: m9-up-gc66, sto5-up-gc10
X-Firefox-Spdy: h2
static.tildacdn.com/js/tilda-zero-1.1.min.js
92.223.97.97200 OK 0 B URL HTTP/2 static.tildacdn.com/js/tilda-zero-1.1.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /js/tilda-zero-1.1.min.js HTTP/1.1
Host: static.tildacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quick-exchange.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 11 Nov 2022 18:23:49 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 08 Nov 2022 08:30:21 GMT
etag: W/"636a139d-5506"
tserver: 10
content-encoding: br
cache: HIT, HIT
x-cached-since: 2022-11-08T08:30:29+00:00, 2022-11-08T08:30:29+00:00
x-id: m9p-up-gc37, sto5-up-gc14
X-Firefox-Spdy: h2