r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 20d267853e48ef7d476459ed67da5d97
06d1bd08efd69c0e93486d3c423fa2640f372d29
24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13649
Expires: Sat, 21 Jan 2023 06:14:48 GMT
Date: Sat, 21 Jan 2023 02:27:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4937
Expires: Sat, 21 Jan 2023 03:49:36 GMT
Date: Sat, 21 Jan 2023 02:27:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8443
Expires: Sat, 21 Jan 2023 04:48:02 GMT
Date: Sat, 21 Jan 2023 02:27:19 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 01:49:35 GMT
content-type: application/json
age: 2264
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wT/9U3RnwW0NOSGra2a/F81r6ZkSimndwdITZFmxLiizC2yFLud9HrDcFl2HmQ2kkxDS+ThcvQw=
x-amz-request-id: H56J61PWQKRVSZFD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 02:17:50 GMT
age: 569
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
smallfriendsnantucket.org/backup/01UJlngrKb9Y6eU39hpcOAB/
192.124.249.175 302 Found 227 B URL HTTP/1.1 smallfriendsnantucket.org/backup/01UJlngrKb9Y6eU39hpcOAB/
IP 192.124.249.175:0
File type HTML document text; exported SGML document, ASCII text
Hash 0a13ead41176796bb817b09457fb09ee
d87cec10ea002a5a6c4ade25c9c0c4f39400024f
78c13043ace1fb010dfa0aa9cce46aae393c98d09eb443732924e5bb5eaa812b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /backup/01UJlngrKb9Y6eU39hpcOAB/ HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 02:27:19 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 227
Connection: keep-alive
X-Sucuri-ID: 19025
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://smallfriendsnantucket.org/index.php
X-Sucuri-Cache: EXPIRED
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 790fad570a0ad43da9b7f843fb278dc1
c465bc42ff595ec40186628f58c26ba235761c35
b6faba5eb760d0a1f7818e19d567ecd3df496455fb7a6b4490a73dc0d87ced28
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 21 Jan 2023 02:27:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 20 Jan 2023 20:53:35 GMT
Expires: Sat, 21 Jan 2023 20:53:35 GMT
ETag: "c465bc42ff595ec40186628f58c26ba235761c35"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
smallfriendsnantucket.org/index.php
192.124.249.175 301 Moved Permanently 0 B URL HTTP/2 smallfriendsnantucket.org/index.php
IP 192.124.249.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /index.php HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://smallfriendsnantucket.org/
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
x-redirect-by: WordPress
vary: Accept-Encoding
x-sucuri-cache: HIT
X-Firefox-Spdy: h2
smallfriendsnantucket.org/
192.124.249.175 200 OK 5.7 kB URL HTTP/2 smallfriendsnantucket.org/
IP 192.124.249.175:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (9381), with CRLF, LF line terminators
Hash 7d0282378ccbcaa8a838df3844e483c7
4eb695bd2988271dbf64c1cae622c1bd271bf468
7e591c769a6daadbf778baea583aee4d58835a68b27ef9ccfe2c43abc5a9dd47
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: text/html; charset=UTF-8
content-length: 5675
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
link: <https://smallfriendsnantucket.org/wp-json/>; rel="https://api.w.org/", <https://smallfriendsnantucket.org/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json", <https://smallfriendsnantucket.org/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-sucuri-cache: HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 01:48:58 GMT
age: 2301
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Raleway:400,400i,500,500i,600,600i700,700i
142.250.74.106 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Raleway:400,400i,500,500i,600,600i700,700i
IP 142.250.74.106:0
Hash 8894d34ed7474db07da65596569b2397
100d1ecaa09cacffc61bcc1d1539d73b3b52f038
c996fee4528eea385bd96bd52ef046313c2f18199db5868d40cb6b646ec3894e
GET /css?family=Raleway:400,400i,500,500i,600,600i700,700i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Jan 2023 02:27:19 GMT
date: Sat, 21 Jan 2023 02:27:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-includes/css/classic-themes.min.css
192.124.249.175 200 OK 145 B URL HTTP/2 smallfriendsnantucket.org/wp-includes/css/classic-themes.min.css
IP 192.124.249.175:0
Hash 2dfb9ddeabe846b150087876ceb22a74
c9e3350631e53855d04d6dce360a675c84b3131d
26ef5cb63a695419cf11c79a759b46c5568df3716e4f1d36e7612b3695d5b554
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: text/css
content-length: 145
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 14 Dec 2022 19:33:41 GMT
etag: "57013c8-d9-5efced06072da-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/plugins/gravityforms/js/jquery.json.min.js
192.124.249.175 200 OK 882 B URL HTTP/2 smallfriendsnantucket.org/wp-content/plugins/gravityforms/js/jquery.json.min.js
IP 192.124.249.175:0
File type ASCII text, with very long lines (1848), with no line terminators
Hash 84967c5e03981c74df2513d63d219523
8044218a6ae4560768e34f8e1f48157ecd53ba85
bb1bad53178bb019a8e8ac68e66a523e3fce8d538fa101f3384064fe47438089
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gravityforms/js/jquery.json.min.js HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/javascript
content-length: 882
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 24 Oct 2018 21:48:52 GMT
etag: "56e1e07-738-5790073b8b900-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-includes/css/dist/block-library/style.min.css
192.124.249.175 200 OK 12 kB URL HTTP/2 smallfriendsnantucket.org/wp-includes/css/dist/block-library/style.min.css
IP 192.124.249.175:0
File type ASCII text, with very long lines (47826)
Hash 5e3752655a7a33c049db06c0edf386e6
573c51b0de413f30a220c9261506635f9daf2b81
d6571c641370e9bb83b25b5a493fca6ae3109ae384f7a8a9507ccdfb9067627d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: text/css
content-length: 11590
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 14 Dec 2022 19:33:44 GMT
etag: "5701f60-172a9-5efced0865a04-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-includes/js/jquery/jquery-migrate.min.js
192.124.249.175 200 OK 4.0 kB URL HTTP/2 smallfriendsnantucket.org/wp-includes/js/jquery/jquery-migrate.min.js
IP 192.124.249.175:0
File type ASCII text, with very long lines (11126)
Hash 1fbb59519536e28eeb7ae7173973c39f
f6542c5d0f96f621eea4f3cb442021dfe33863fa
b1b54befd52c3605721bf8b5a6c0290c572929138358738826873751256b191c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/javascript
content-length: 3998
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 14 Dec 2022 19:35:27 GMT
etag: "57200bd-2bd8-5efced6b054a7-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/plugins/gravityforms/js/gravityforms.min.js
192.124.249.175 200 OK 8.0 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/plugins/gravityforms/js/gravityforms.min.js
IP 192.124.249.175:0
File type ASCII text, with very long lines (26499), with no line terminators
Hash 9c7d2c3b8dc68bcf6a5b3161b30d5b18
952be3188610a8b7d7ab824858906a9aaa3e313f
bee2e75fb22770b2e7cc58d62afb382c69651c1754f3b3698051f176d29b56b6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gravityforms/js/gravityforms.min.js HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/javascript
content-length: 7989
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 24 Oct 2018 21:48:52 GMT
etag: "56e1df9-6783-5790073b8b900-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-includes/js/jquery/jquery.min.js
192.124.249.175 200 OK 30 kB URL HTTP/2 smallfriendsnantucket.org/wp-includes/js/jquery/jquery.min.js
IP 192.124.249.175:0
File type ASCII text, with very long lines (65447)
Hash fb1aea2f7ce09f9d2e290d73d57defdf
62d40e64c8aeff20834868816d20d6a645fd2565
367cc15d582c7056695a307c1ef9b32a9e4810c16e33f27eac05909a1f57d4b4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/javascript
content-length: 30350
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 14 Dec 2022 19:35:28 GMT
etag: "57200c8-15e54-5efced6b91ea9-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
192.124.249.175 200 OK 56 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
IP 192.124.249.175:0
File type ASCII text, with very long lines (34434)
Hash 8560b8a7990ee3bdc6f826e23c4588c4
fbecbf8d6cb231ea846dd8da99c99affee31dc90
60a7271fa1ad3e53a21dd025a00df185611ea3a94ae11ccc81357a0cfd894267
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: text/css
content-length: 56111
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:33:50 GMT
etag: "56612b4-7eaef-581abc51dab80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/scripts/main-7ae8fc595e.js
192.124.249.175 200 OK 48 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/scripts/main-7ae8fc595e.js
IP 192.124.249.175:0
File type ASCII text, with very long lines (31994)
Hash e5d1eee10ade7857085ddb2904aaf5eb
7ade9ca8076ed620ce4f683d8832660d75686d1a
c4d989653f1f27668b804d41ed0221f8a60d88c1bacc10ac8ef47325a2a0d58c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/scripts/main-7ae8fc595e.js HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:19 GMT
content-type: application/javascript
content-length: 48140
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:33:58 GMT
etag: "56612af-2fb70-581abc597bd80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.38.240 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.38.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UkRKihpMcBP70GJJC3vhOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7gfwXrenLTwZ8njbySTY4mC9NwM=
smallfriendsnantucket.org/wp-content/uploads/hm_custom_css_js/custom.css
192.124.249.175 200 OK 217 B URL HTTP/2 smallfriendsnantucket.org/wp-content/uploads/hm_custom_css_js/custom.css
IP 192.124.249.175:0
File type ASCII text, with very long lines (482), with no line terminators
Hash 0c41032389d04f37627797cf7078c318
bc111a89d71c599b2bd2c4ca1a64e2e6b488905f
aa269044977b43633d8ceaeaabd3fde3f17e053ddffc64d6f4b4d02401c69e1f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/hm_custom_css_js/custom.css HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: text/css
content-length: 217
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 07 Aug 2020 17:22:39 GMT
etag: "56e2765-1e2-5ac4cda07f5c0-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 9046bdd3634f2cfb8ace7c326c4af05f
d92d1610bbcc211f0648ec87b5aee6a562f606db
eea88fe2aaabd085058e3cf139e8780e1ddeff62e4fb94d6eeabe512a309d8ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://smallfriendsnantucket.org
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 03:37:22 GMT
expires: Thu, 18 Jan 2024 03:37:22 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
age: 254998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/uploads/2018/10/1.jpg
192.124.249.175 200 OK 158 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/uploads/2018/10/1.jpg
IP 192.124.249.175:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright= ], baseline, precision 8, 489x326, components 3\012- data
Size 158 kB (157911 bytes)
Hash 2de24f459de99e0976f793d04775ad0b
f6747f5626632c9e8b06b53c2ec559c1f24a5bf5
3a53afd62d4f9c27052d1b80624d354a7fdad1036b73ec4d1abbe694edddf90f
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/1.jpg HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/jpeg
content-length: 157911
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 09:13:42 GMT
etag: "56e2690-268d7-581aed76b9d80"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
smallfriendsnantucket.org/wp-content/uploads/2018/10/3.jpg
192.124.249.175 200 OK 203 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/uploads/2018/10/3.jpg
IP 192.124.249.175:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright= ], baseline, precision 8, 489x326, components 3\012- data
Size 203 kB (202591 bytes)
Hash c4aecec359ac0c468699f93f339dbb04
5fa9b30b42e4c565e0cb1f9f534d6cccb10fbee7
0bfee1d365eb9c71d1b082f5be0ca975e2c594475fd236645ba9cce85869fb82
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/3.jpg HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/jpeg
content-length: 202591
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 09:13:47 GMT
etag: "56e272c-3175f-581aed7b7e8c0"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 9046bdd3634f2cfb8ace7c326c4af05f
d92d1610bbcc211f0648ec87b5aee6a562f606db
eea88fe2aaabd085058e3cf139e8780e1ddeff62e4fb94d6eeabe512a309d8ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/4248d311/www-player.css
142.250.74.78 200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/4248d311/www-player.css
IP 142.250.74.78:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8a6331ed48be29c59230b0c7360068de
22a20436f427d6b8e26eb30ed9aab51a43d389bf
72f0818ab04697fc29d331b2add584f3cd5e269446c7297300701a4666c9d95e
GET /s/player/4248d311/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49911
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 16:03:19 GMT
expires: Fri, 19 Jan 2024 16:03:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/css
age: 123841
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/uploads/2018/10/2.jpg
192.124.249.175 200 OK 200 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/uploads/2018/10/2.jpg
IP 192.124.249.175:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright= ], baseline, precision 8, 489x326, components 3\012- data
Size 200 kB (199826 bytes)
Hash bb10bbe9b62bdbf8844b091c87b322c8
57ef689fabd8c473afbd305a091a2ecd5f144ba3
a82fe2a98dee201144dcf927b8f1ff07b98ce50dce0b68c20d1de4b5619403e1
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/2.jpg HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/jpeg
content-length: 199826
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 09:13:44 GMT
etag: "56e2710-30c92-581aed78a2200"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
www.youtube.com/s/player/4248d311/www-embed-player.vflset/www-embed-player.js
142.250.74.78 200 OK 109 kB URL HTTP/2 www.youtube.com/s/player/4248d311/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (679)
Size 109 kB (109432 bytes)
Hash 711fcfe6f1ab52d89ab3474d437c1e48
b2f3e69e9d40b193de5e76ae13c6ad9ce0a8e537
361236d1317543e128074c35d22d65a2ba70f6ce9906b07a543e6b3c96239019
GET /s/player/4248d311/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 109432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 16:03:20 GMT
expires: Fri, 19 Jan 2024 16:03:20 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/javascript
age: 123840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 21:48:03 GMT
expires: Fri, 19 Jan 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 103157
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/logo.png
192.124.249.175 200 OK 69 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/logo.png
IP 192.124.249.175:0
File type PNG image data, 350 x 144, 8-bit/color RGBA, non-interlaced\012- data
Hash cd5f6ea50873b6df115a4b1cf9c72f26
2d05d5cd27d27a29d94bd1b9392a472133398ef8
89339f2b02de1a3dfe2a7e755c900594ed90363da8a350843cc66b48d614a905
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/images/logo.png HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/png
content-length: 68985
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:34:00 GMT
etag: "566129d-10d79-581abc5b64200"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 16:40:43 GMT
expires: Fri, 19 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 121597
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/base.js
142.250.74.78 200 OK 611 kB URL HTTP/2 www.youtube.com/s/player/4248d311/player_ias.vflset/en_US/base.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (517)
Size 611 kB (611243 bytes)
Hash 4bafbf546e35e79d802b8e836cf03e3b
cff2ccd4542a73b82c18cdac6b3e4af01198566e
da6660452c1ebd120eb25d4c1a742e2fe20cf5ccfbd3523acb5e1d5693170d70
GET /s/player/4248d311/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 611243
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 13:03:55 GMT
expires: Fri, 19 Jan 2024 13:03:55 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 12 Jan 2023 01:15:11 GMT
content-type: text/javascript
age: 134605
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/fonts/dk_cool_crayon-webfont.woff2
192.124.249.175 200 OK 255 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/fonts/dk_cool_crayon-webfont.woff2
IP 192.124.249.175:0
File type Web Open Font Format (Version 2), TrueType, length 254856, version 1.66\012- data
Size 255 kB (254856 bytes)
Hash 3523b304e30b2aa3f0d12e3600248270
c61c2bf31aba2b3934ae5a1f4776d2a21306b240
310c6a173824e008367a99a617e499aa3b8c9e0bcbea48703777ac704266dc94
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/fonts/dk_cool_crayon-webfont.woff2 HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: font/woff2
content-length: 254856
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:34:00 GMT
etag: "5661292-3e388-581abc5b64200"
accept-ranges: bytes
vary: Accept-Encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/fonts/fontawesome-webfont.woff2?v=4.7.0
192.124.249.175 200 OK 77 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 192.124.249.175:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: font/woff2
content-length: 77160
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:34:00 GMT
etag: "5661296-12d68-581abc5b64200"
accept-ranges: bytes
vary: Accept-Encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/favicon.png
192.124.249.175 200 OK 34 kB URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/favicon.png
IP 192.124.249.175:0
File type PNG image data, 190 x 190, 8-bit/color RGBA, non-interlaced\012- data
Hash c69f7e033b9f7e62059138fd0a42d960
52d694097bc54ed96a8693b3f6e078e1d6f5e5a8
c6f94616469405a9f55e9f7b58d577aa36d2f5f2d321eb137e33cda4845359ce
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/images/favicon.png HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/png
content-length: 34463
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:34:00 GMT
etag: "56612a7-869f-581abc5b64200"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 17f5ba39b1f66e39ad760d8e85018d79
7f21e8b294282191409297adeaace6be817f39f3
3a1bab6643c631b02d842788328cf1417059c4beb1b274e684253c7201ee18d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 875fc1415608498b67d609fd3b7335ae
463aca613dcdfc3446e7c7f4663d9577ef92f94e
fcb4c1657bc5afb8c1adfbec67198211be206ff61b5cc7c13565d5ce492de66e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 02:17:35 GMT
expires: Sat, 21 Jan 2023 02:32:35 GMT
cache-control: public, max-age=900
age: 586
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.162 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 21 Jan 2023 02:27:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 17f5ba39b1f66e39ad760d8e85018d79
7f21e8b294282191409297adeaace6be817f39f3
3a1bab6643c631b02d842788328cf1417059c4beb1b274e684253c7201ee18d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 21 Jan 2023 02:27:21 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.74.162 200 OK 120 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id?slf_rd=1
IP 142.250.74.162:0
Hash 8d77e63c7028610c3f835e6d1e17aad7
54a271325e8ea2be0f3ac22c97feff09670d9025
ba34e699fbdb52ff671ef375db17d14d3157974a63361c94d8e10e8695429e76
GET /pagead/id?slf_rd=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Referer: https://www.youtube.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
content-type: application/json; charset=UTF-8
date: Sat, 21 Jan 2023 02:27:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 875fc1415608498b67d609fd3b7335ae
463aca613dcdfc3446e7c7f4663d9577ef92f94e
fcb4c1657bc5afb8c1adfbec67198211be206ff61b5cc7c13565d5ce492de66e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 13a561ef34cab08c57a7a27247436281
99dd89d7d2a05a970eff3640006317a9fb8b1d8b
dd9bdc23cb7e8630d2fcbb6e9bf877092ce2e4d8207b83eb9855e91d436325fd
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 21 Jan 2023 02:27:21 GMT
server: ESF
cache-control: private
content-length: 30856
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 34a6ffa8918b00f3f6d21bd90db799f4
6573697e6488b07ba3551ca7fea9b89220494b3a
dff7862c0cfa5ae27f6e8daef94bf0cd05000b667dbabd62a673ec0354e4873b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js
216.58.211.4 200 OK 14 kB URL HTTP/2 www.google.com/js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js
IP 216.58.211.4:0
File type ASCII text, with very long lines (36000)
Hash b40bdd235c7883921e2b18743b3aea21
9aaa96e2ec231327ba976911513989568c56c7c1
8b00f3a7d9b7acabf6b991926d7543944771ce1431efd342dea743192ec667e3
GET /js/th/wBNXk7Q6V2dkHawik5TUb6id0fydDqlxfrWFyJdQ6Xw.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14173
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 20:52:40 GMT
expires: Thu, 18 Jan 2024 20:52:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Jan 2023 15:00:00 GMT
content-type: text/javascript
age: 192881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b6b06a47d5f35483956c51ae6b96af06
e49f5f703895b470f0afafe0d2182f0f49383b2c
b14f34188f8acb034cc830f2fb93521063d1089be92f0fac7b3e306d54ea8944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2179
Expires: Sat, 21 Jan 2023 03:03:40 GMT
Date: Sat, 21 Jan 2023 02:27:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4483cb695fef2fe82f38a65e18ea1fd7
ea95504fc5be0259c8c3a39f47f8fcb322bca88d
807a120b964ee7ec7c83c5d943d29cea5df2171291ad1b99de9ef4df7e7e9046
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9657
x-amzn-requestid: 03212f9c-5fb4-4cee-9474-cda1fbe1bb6c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: exa_7EfzIAMF8Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3a532-0f6da5925a2396020a9f2e89;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:03:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oWzXvF9KHIxUm0L4skYdF_t1yw_NwiCNNUiLe3KyUv8gTY7HyVcp7g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 04:38:43 GMT
age: 78518
etag: "ea95504fc5be0259c8c3a39f47f8fcb322bca88d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cxuHpm9vR0_DvHdEtR5p5eRRNAFgCrOTnak0RsH3OeCccehhurKhJA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 01:38:03 GMT
age: 2958
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96cce020-7bd3-4d07-a265-a0ff76f15c24.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96cce020-7bd3-4d07-a265-a0ff76f15c24.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eff1c7571054ef3a3535dc3cf0756d38
54ccc9d66c916cab0d7b70135e0331d83f57a2d1
6d2f74f27c2622882bf06980569a8a6cf6402e2ec800cf9987c86a3779d1b023
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96cce020-7bd3-4d07-a265-a0ff76f15c24.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10300
x-amzn-requestid: ba8a3ff1-2c2c-4f83-8524-20a003f25ca2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etkvHGbOoAMF18g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21b2d-0cc97cf827da6b61341da50c;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:02:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gTUDFWnRFsXI4FoRd-aXSzDLR8JtQfbtwoIImdqzTKpw3qm2RrscSw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:39:27 GMT
age: 17274
etag: "54ccc9d66c916cab0d7b70135e0331d83f57a2d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b48f53e84a3ec564b35cf6b0754d09bb
dc7ad580f90e8af4349f409fb0302a79c672ff99
37d8f9a37eed22705123275ac7a36ff34bcdea1b2faaa7108a7112afe5a8201f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6068
x-amzn-requestid: 8962c77a-e852-426f-b37a-024546e0a2ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fD5VKG_zoAMFgZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb08ed-368af491496d024a0142b0e4;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: m9Elq65CekBIl_QIpAhrwIy_gNmHHhxO_lyhmgA_v7T0LUmCXNMOAQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:39:27 GMT
age: 17274
etag: "dc7ad580f90e8af4349f409fb0302a79c672ff99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88829ea0-64fb-483f-aec7-5aee09f32f6e.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88829ea0-64fb-483f-aec7-5aee09f32f6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ad9f2fef16aac849a0d465c88cfacd3
4e001905147530e41f22cbe575a75f10b6d741b3
0f1f68768230140ea96b26d8d343fc63a2d0fcfc1da6bbd86826f02757339171
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88829ea0-64fb-483f-aec7-5aee09f32f6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10880
x-amzn-requestid: 7e20a469-9620-4c2c-bc94-aa62c7c22419
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e6wWGE55IAMFn_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c760f3-3e00d645794ca28d5f3cd1b0;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 03:01:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P53twmvhEi3JBSd0UVfdvwNalHMxkj1dUgbw_jvYgaU9UV5chQvEhw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 21:39:27 GMT
age: 17274
etag: "4e001905147530e41f22cbe575a75f10b6d741b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4b8e05930ca3ed03e20300b36819b1a
90645bb11f3788a9a03ad1756de541fea594fb15
0530c3fd68291836e997842e3e4b5bbef6086e89686f786dbda059143a5a8b5d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5081
x-amzn-requestid: 56788104-29ed-4ff9-b9c5-58b83e53d169
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etktlF50oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21b23-1dafe7e12dbeee0e3318ccdc;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:01:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 886cYViC-eBqAPpavmVYF0Jxqhsk8VQc8O1KPpTGM1yFpjrs-IxFVw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 11:59:42 GMT
age: 52059
etag: "90645bb11f3788a9a03ad1756de541fea594fb15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.234 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 21 Jan 2023 02:27:21 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.234 200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7a822d1665d6b95e8e66d551bb91131a
a9cc40e1d10d384dd7e3c24dd42c2beae035bf68
d01cb6b9637ed91bebd822f1c90f3d7b98b8738d6b835b68360fd1718ba2dc18
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 930
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 21 Jan 2023 02:27:21 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AMLnZu8rNhyA1gtV0GwcpF28TxnDhZgCDAW8-whQ_ELi=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 2.7 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu8rNhyA1gtV0GwcpF28TxnDhZgCDAW8-whQ_ELi=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 1730b338c7d441478865111c312b4a30
98a59e9bf0bcd598fb31bc5def8515461634766e
df472d3a02d5aede3a20a4b06e887e1e336a0c14cad96879d350b8a534898d2a
GET /ytc/AMLnZu8rNhyA1gtV0GwcpF28TxnDhZgCDAW8-whQ_ELi=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v20"
expires: Sun, 22 Jan 2023 02:27:21 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 21 Jan 2023 02:27:21 GMT
server: fife
content-length: 2667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b6b06a47d5f35483956c51ae6b96af06
e49f5f703895b470f0afafe0d2182f0f49383b2c
b14f34188f8acb034cc830f2fb93521063d1089be92f0fac7b3e306d54ea8944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5d1053bbde6f93f9088bfb77c25c6e7c
bc09ffa94310acf4dd27ec2315f5e7ee8d0bf6d0
562ca8b5ac4a81d86ca3bd9aa7b20447f04017ebc09752a2a5190026663bb3a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Bl&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynlk&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1253750&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&mt=1674267444&fvip=5&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAKZNhtpiMkTS3vMFmL__FP-dW2NJ5SfOHgSS3bPviHTdAiAHXdldIqOb4s3Z72hJcXQCKlTZYdA9kPC6NzE1gjhs-A%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&range=0-651&rn=1&rbuf=0
91.90.45.173 200 OK 1.1 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Bl&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynlk&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1253750&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&mt=1674267444&fvip=5&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAKZNhtpiMkTS3vMFmL__FP-dW2NJ5SfOHgSS3bPviHTdAiAHXdldIqOb4s3Z72hJcXQCKlTZYdA9kPC6NzE1gjhs-A%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&range=0-651&rn=1&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1092), with no line terminators
Hash ef5f7ca723798d2f509912971fc99ae8
de53db83d787b88c6806f1201dbc65054c3201e2
4b3c9a7ca6c06871c38d093af6936ec79c2447abf1170792e1c46142f03493b8
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=Bl&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynlk&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1253750&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&mt=1674267444&fvip=5&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAKZNhtpiMkTS3vMFmL__FP-dW2NJ5SfOHgSS3bPviHTdAiAHXdldIqOb4s3Z72hJcXQCKlTZYdA9kPC6NzE1gjhs-A%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&range=0-651&rn=1&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 21 Jan 2023 02:27:21 GMT
Expires: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1092
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&mh=Bl&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynlk&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1253750&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&mt=1674267444&fvip=5&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAKZNhtpiMkTS3vMFmL__FP-dW2NJ5SfOHgSS3bPviHTdAiAHXdldIqOb4s3Z72hJcXQCKlTZYdA9kPC6NzE1gjhs-A%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&range=0-500&rn=2&rbuf=0
91.90.45.173 200 OK 1.0 kB
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1013), with no line terminators
Hash 5e01910fd5a19c41d6acf1b0d79284c0
8e5b78f3a38862e193edc721f4588cb4521c735c
4dcf17f46687b1280e35565798a082cf143702ceb6724e78d1667de964f235cc
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&mh=Bl&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynlk&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1253750&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&mt=1674267444&fvip=5&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAKZNhtpiMkTS3vMFmL__FP-dW2NJ5SfOHgSS3bPviHTdAiAHXdldIqOb4s3Z72hJcXQCKlTZYdA9kPC6NzE1gjhs-A%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&range=0-500&rn=2&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1013
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5d1053bbde6f93f9088bfb77c25c6e7c
bc09ffa94310acf4dd27ec2315f5e7ee8d0bf6d0
562ca8b5ac4a81d86ca3bd9aa7b20447f04017ebc09752a2a5190026663bb3a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4beadc4a4c4da58f8670d70c54b1436d
b46f1db68655290011d2c53cbbfbc8d72dd25b5e
c1fa49980e6bce565c07d7901fd476860a59ed4549ef3fe96e44f093fec6026e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4beadc4a4c4da58f8670d70c54b1436d
b46f1db68655290011d2c53cbbfbc8d72dd25b5e
c1fa49980e6bce565c07d7901fd476860a59ed4549ef3fe96e44f093fec6026e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr5---sn-5go7ynlk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgJWqwd61hx8fK1zEx3X3o8ctQbOcQnlVq45zLfaHitTACIFCPsHjhkd7UH4poNCoeH28jihkS7MCEyOVzUtAaSsqw&range=0-651&rn=3&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
173.194.6.10 200 OK 1.3 kB
IP 173.194.6.10:0
File type ASCII text, with very long lines (1252), with no line terminators
Hash 724dbc3351249871c09776c811068280
548ea7af5603bda0b7c146b6ae2e51e6db0b41b2
15fa1259c9e6feb498bee12d68d57ea5a98338bfbb820305ae3225f2cac1b202
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgJWqwd61hx8fK1zEx3X3o8ctQbOcQnlVq45zLfaHitTACIFCPsHjhkd7UH4poNCoeH28jihkS7MCEyOVzUtAaSsqw&range=0-651&rn=3&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I= HTTP/1.1
Host: rr5---sn-5go7ynlk.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1252
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr5---sn-5go7ynlk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgV883N2LhXJ3OHB6B5tH3GCDskVbjdC4hnvmp7PtMHncCIG1g-DD5LqTd8oAEcNXhhRr2LIyEIYX_RYnLcWG-B5oQ&range=0-500&rn=4&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
173.194.6.10 200 OK 1.2 kB
IP 173.194.6.10:0
File type ASCII text, with very long lines (1171), with no line terminators
Hash ced3c9db5ca8787e109a66ff5245ca49
6c411e64ddf4cee0acf85935c84e3fcf3f54cafa
ba4736f4e60d421f51a80f60cfb109ff6863a8a0ca88fd8d051ff24f13af4a26
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgV883N2LhXJ3OHB6B5tH3GCDskVbjdC4hnvmp7PtMHncCIG1g-DD5LqTd8oAEcNXhhRr2LIyEIYX_RYnLcWG-B5oQ&range=0-500&rn=4&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I= HTTP/1.1
Host: rr5---sn-5go7ynlk.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1171
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr5---sn-5go7ynlk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgPTEqAuLtd8mWBOmH8T_MnFO0U93wGrZpf8yzUf52dOUCIG_jd0GHBZv8PH9WMg0B6FYWd7b23VHE4BKRcdQugfzC&range=0-651&rn=7&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
173.194.6.10 200 OK 1.2 kB
IP 173.194.6.10:0
File type ASCII text, with very long lines (1244), with no line terminators
Hash a34e2eb9cca6f94a3eedd3242495d19b
67630d4d9a91c8784066cfff7686e6a0387e6323
b41fb09714ec576dddb8785aec1e0a8688df7c2500e12334c25b693d3d765a9e
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Bl&mm=29&mn=sn-5go7ynlk&ms=rdu&mt=1674267934&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgPTEqAuLtd8mWBOmH8T_MnFO0U93wGrZpf8yzUf52dOUCIG_jd0GHBZv8PH9WMg0B6FYWd7b23VHE4BKRcdQugfzC&range=0-651&rn=7&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I= HTTP/1.1
Host: rr5---sn-5go7ynlk.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 1244
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4beadc4a4c4da58f8670d70c54b1436d
b46f1db68655290011d2c53cbbfbc8d72dd25b5e
c1fa49980e6bce565c07d7901fd476860a59ed4549ef3fe96e44f093fec6026e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-5hne6nzk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&cm2rm=sn-capm-vnae7l,sn-5gose76&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Bl&mm=34&mn=sn-5hne6nzk&ms=ltu&mt=1674267653&mv=m&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAPyPcwBJgYuoCB0vfSYxGbUdlz9GjWIxq6sF2zex7ykOAiEAmjibiF0i9R7JnEa2M2V0NF1YHLunLbnimAGs2_KFadI%3D&range=0-500&rn=6&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
172.217.132.134 200 OK 501 B
IP 172.217.132.134:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 7839ad6a7441e8cd859aaf8d32b7c308
28fcebdd513b8e75c4721681954758b615347415
6867bd9c50cea804e53671df13c52822ed11821c0066f40d6e06dc9e9fdbb677
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=251&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=audio%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=2176938&dur=137.361&lmt=1660385600381770&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgIeYCoMxToBL8S_FBupdA4PYfB2CYmgjo0fUqt3-EnDkCIQCOUcHY6xf-lsEC0BQ_E3yI-0HMBRqFHvDzFPgweDoltA%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&cm2rm=sn-capm-vnae7l,sn-5gose76&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Bl&mm=34&mn=sn-5hne6nzk&ms=ltu&mt=1674267653&mv=m&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAPyPcwBJgYuoCB0vfSYxGbUdlz9GjWIxq6sF2zex7ykOAiEAmjibiF0i9R7JnEa2M2V0NF1YHLunLbnimAGs2_KFadI%3D&range=0-500&rn=6&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I= HTTP/1.1
Host: rr1---sn-5hne6nzk.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 13 Aug 2022 10:13:20 GMT
Content-Type: audio/webm
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 501
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr1---sn-5hne6nzk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&cm2rm=sn-capm-vnae7l,sn-5gose76&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Bl&mm=34&mn=sn-5hne6nzk&ms=ltu&mt=1674267653&mv=m&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcUVKUjTFv48GC9QrwakkjUTo1SkdY3fnQvE19WS9tl8CIDlHn8grgaVAX-axisCGs_YpjIdUl-EthU0rEBAi8mBw&range=0-651&rn=8&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
172.217.132.134 200 OK 652 B URL HTTP/1.1 rr1---sn-5hne6nzk.googlevideo.com/videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&cm2rm=sn-capm-vnae7l,sn-5gose76&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Bl&mm=34&mn=sn-5hne6nzk&ms=ltu&mt=1674267653&mv=m&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcUVKUjTFv48GC9QrwakkjUTo1SkdY3fnQvE19WS9tl8CIDlHn8grgaVAX-axisCGs_YpjIdUl-EthU0rEBAi8mBw&range=0-651&rn=8&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I=
IP 172.217.132.134:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 2f2e779bff36164e4d6c832e6f408e0f
b16c605523d1d300e55a3080e019e021ac8792ec
c4bd1a49f2b30ccd5c21f523cc148c583e37a767316b796e90fdf972818d2195
POST /videoplayback?expire=1674289641&ei=iU3LY9LSFcayyQWS9LGIBQ&ip=91.90.42.154&id=o-AGEoehFQ4yC46ExhLtgnxUBIqzXDp66BuM9HptXjjLxQ&itag=243&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&spc=zIddbC4dVFKJiZKAt2MVB2qZzKQROOY&vprv=1&mime=video%2Fwebm&ns=LOWlQrtUZu7qij_BygJq9lEK&gir=yes&clen=5320859&dur=137.303&lmt=1660385157955353&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=4rJX-V4a43qFnA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANqeJ5MSljB-W88rciX_pOQyB7U5XbURo13S7lRlDeG8AiA-WuGKSQ3FQ6_TwNnr9JfP0bLzyuUsdggaldpXC2TQVg%3D%3D&alr=yes&cpn=SyUMtHJbsnql6Tll&cver=1.20230111.01.00&cm2rm=sn-capm-vnae7l,sn-5gose76&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Bl&mm=34&mn=sn-5hne6nzk&ms=ltu&mt=1674267653&mv=m&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgcUVKUjTFv48GC9QrwakkjUTo1SkdY3fnQvE19WS9tl8CIDlHn8grgaVAX-axisCGs_YpjIdUl-EthU0rEBAi8mBw&range=0-651&rn=8&rbuf=0&pot=D1nyefjQ83OpWcqfk427rKRAvUtc5T68akHGOyEQiRC_LGg6vUNN6X4HW4llRzsCCxl125SAb-Sbol1gYDBW8iFG1_lSr2rJAxcob9hEQ1ANRb4Q8QflOKpdwCvixnKVzeYhF6I= HTTP/1.1
Host: rr1---sn-5hne6nzk.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 13 Aug 2022 10:05:57 GMT
Content-Type: video/webm
Date: Sat, 21 Jan 2023 02:27:22 GMT
Expires: Sat, 21 Jan 2023 02:27:22 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 652
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
www.youtube.com/embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3
142.250.74.78 200 OK 0 B URL HTTP/2 www.youtube.com/embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3
IP 142.250.74.78:0
GET /embed/3H3EhbxH_po?start=3&&mute=1&autoplay=1&rel=0&loop=1&showinfo=0&controls=0&version=3 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 21 Jan 2023 02:27:20 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=qG0bToIwuqA; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=lvsLEoa3CMI; Domain=.youtube.com; Expires=Thu, 20-Jul-2023 02:27:20 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1TURreU5qUTNPREV4TlRZd09UUTBOZz09EIibrZ4GGIibrZ4G; Domain=.youtube.com; Expires=Thu, 20-Jul-2023 02:27:20 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+624; expires=Mon, 20-Jan-2025 02:27:20 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/home-content.jpg
192.124.249.175 200 OK 0 B URL HTTP/2 smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/images/home-content.jpg
IP 192.124.249.175:0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/smallfriends/dist/images/home-content.jpg HTTP/1.1
Host: smallfriendsnantucket.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://smallfriendsnantucket.org/wp-content/themes/smallfriends/dist/styles/main-e0f78736e9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 02:27:20 GMT
content-type: image/jpeg
content-length: 253797
x-sucuri-id: 19025
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Feb 2019 05:34:00 GMT
etag: "566129b-3df65-581abc5b64200"
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 0 B IP 142.250.74.131:0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 02:27:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN