r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3128
Expires: Sat, 28 Jan 2023 10:38:32 GMT
Date: Sat, 28 Jan 2023 09:46:24 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13034
Expires: Sat, 28 Jan 2023 13:23:38 GMT
Date: Sat, 28 Jan 2023 09:46:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 09:43:05 GMT
content-type: application/json
age: 199
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14374
Expires: Sat, 28 Jan 2023 13:45:58 GMT
Date: Sat, 28 Jan 2023 09:46:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YMS83O7OUe6bN73xs9njZn5ACADeunb7CHcBwFqVRbeR12qaIoycgNz9KmE2OTB1STo3ut/XUNw=
x-amz-request-id: DD5RVX03V2A34B7D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 08:49:48 GMT
age: 3396
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 09:46:24 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 08:49:03 GMT
age: 3441
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
fits.hotflightsdeal.com/ga/click/2-191189970-654-1845-3521-3399-814eb87394-se0f292bf5
302 Found 149 B URL HTTP/1.1 fits.hotflightsdeal.com/ga/click/2-191189970-654-1845-3521-3399-814eb87394-se0f292bf5
IP
File type HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 33704c6e68efbb3ccedd35d04fc6c787
03d128160f7679eddef0837bed2e56b28754ee16
477033216d10ff1faad456cea9f69e04b7d5672105715fb844a06ae76d07296e
Analyzer Verdict Alert fortinet Phishing
GET /ga/click/2-191189970-654-1845-3521-3399-814eb87394-se0f292bf5 HTTP/1.1
Host: fits.hotflightsdeal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 09:46:24 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.0.2k-fips PHP/7.3.33
Status: 302 Found
X-Rack-Cache: miss
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Request-Id: 82ea9027e5e6868eef888d0fbfaf96e9
Location: http://mint.technerme.com/gtgvewucdbcvsfrdarstfygeuwibsdvfcsdtvuyew6535656465426767
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.026181
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Powered-By: Phusion Passenger(R) 6.0.12
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7103
Expires: Sat, 28 Jan 2023 11:44:48 GMT
Date: Sat, 28 Jan 2023 09:46:25 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AFL7YI/7EMwsPRePwwONmw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MuU12rIal9cCAxi8fDV4p0zAFYg=
mint.technerme.com/gtgvewucdbcvsfrdarstfygeuwibsdvfcsdtvuyew6535656465426767
302 Found 0 B URL HTTP/1.1 mint.technerme.com/gtgvewucdbcvsfrdarstfygeuwibsdvfcsdtvuyew6535656465426767
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /gtgvewucdbcvsfrdarstfygeuwibsdvfcsdtvuyew6535656465426767 HTTP/1.1
Host: mint.technerme.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 09:46:25 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
X-Powered-By: PHP/7.4.33
Location: https://mwebnice.com/7322/158/2/?subid=cdefsmit
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/s/gts1p5/ShhpkNB2lvo
200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ShhpkNB2lvo
IP
Hash bc516aee248eff1f0a886215be4332a8
a1ac91c7f6bed0612cebc69ca7d204d97538c052
53e8ed1f2f24bc13f92805f343045be54c36aaad3cdddc2abd68565eb51ca922
POST /s/gts1p5/ShhpkNB2lvo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 28 Jan 2023 12:07:43 GMT
Date: Sat, 28 Jan 2023 09:46:26 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 28 Jan 2023 12:07:43 GMT
Date: Sat, 28 Jan 2023 09:46:26 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8477
Expires: Sat, 28 Jan 2023 12:07:43 GMT
Date: Sat, 28 Jan 2023 09:46:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 42580
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yEFlWGi3J14JLA0l2h02VlIqV8opHesKP6GOvfoP5Tp0m7dOYDxIGA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:32 GMT
age: 42414
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 54625
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 41426
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 940946e65210c717266c3a64751f1b72
f0e66aeef0c72865d565f48b563f66a184b758a9
1d031b8a530a1e6d84d79fae891f023e1ab7646596c00c57d83cfffce1f6fdf5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5742
x-amzn-requestid: b22fd8a5-eefc-494e-a304-75b69eef069d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFr2GsdoAMFpqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8318-69b5e7c726fa92134d08c775;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xBpEdVPmvtXlsyGTvZCkIahK7_Ivhq4yswhw23ixIOH1zlgWPyLH9Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 01:14:42 GMT
age: 30704
etag: "f0e66aeef0c72865d565f48b563f66a184b758a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856916fa7de25bdb308c04d0ae58180
72abe5101dc03c35399e6e5aab02328c206f480a
9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6733
x-amzn-requestid: cd0cc842-d109-42b4-9104-0cb48a964794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkGupoAMF3Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-14b754495bb33b0f5f0cd805;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q599noZ2W5oOkldsXrti4Fbu8JlpfKHbLCURsarLwPQP7GlcZSKI-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:26 GMT
age: 41400
etag: "72abe5101dc03c35399e6e5aab02328c206f480a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 6a972feaf65966ccaf161e62929e1a7d
25f2fd5f2ebccbc8454567c6c2f796cb07d6e0e3
68805f5b2f6dc0b069184c5cee49c400d6a744badf15ae020e55279ec4f2171d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132516
Date: Sat, 28 Jan 2023 09:46:26 GMT
Etag: "63d43a22-1d7"
Expires: Sun, 29 Jan 2023 22:35:02 GMT
Last-Modified: Fri, 27 Jan 2023 20:54:58 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u-JzZtpKq3-kIeELgfqNoWLbdqWYPiMBwCkn3gmJZKKTYkcDPi40xA==
Age: 6004
mwebnice.com/7322/158/2/?subid=cdefsmit
302 Found 0 B URL HTTP/2 mwebnice.com/7322/158/2/?subid=cdefsmit
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /7322/158/2/?subid=cdefsmit HTTP/1.1
Host: mwebnice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 28 Jan 2023 09:46:26 GMT
content-type: text/html; charset=UTF-8
location: https://a107cfz6dmet0l51fkl329u1fz.hop.clickbank.net/?lead=0&tid=7322_sessid20230128094639425&subid=158
cache-control: max-age=3600, private
pragma: no-cache
expires: Sat, 28 Jan 2023 10:46:26 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7908cd08de2a0b06-OSL
X-Firefox-Spdy: h2
cdn-4.convertexperiments.com/js/10007727-10007041.js
200 OK 62 kB URL HTTP/2 cdn-4.convertexperiments.com/js/10007727-10007041.js
IP
File type ASCII text, with very long lines (32087), with CRLF, LF line terminators
Hash ee406b055466095a92b6ef47206e908e
3118018bf25aae577a474b45b26bc2fdf47a43b1
a3173c13ebad1ee67f5ffdb9896acba13065ea250c7c9ee4670af419456d215f
GET /js/10007727-10007041.js HTTP/1.1
Host: cdn-4.convertexperiments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=300
expires: Sat, 28 Jan 2023 09:51:27 GMT
date: Sat, 28 Jan 2023 09:46:27 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PNWGZBT
200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PNWGZBT
IP
File type ASCII text, with very long lines (10484)
Hash d21aad0c1f52210f6cab683e81ba1363
abfdd4a9815afd4071645fe780713a1c0f44a4b3
81157f5b2d0547233bf510b7dce072727bed96d33d923751acfcd3aeca49263a
GET /gtm.js?id=GTM-PNWGZBT HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 09:46:27 GMT
expires: Sat, 28 Jan 2023 09:46:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56188
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
200 OK 5.4 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
File type ASCII text, with very long lines (2134)
Hash 30ca3165d143baf2835023bfcf463450
62c662c0873b79a314c040fef28dcd29abb14480
4f405d00e8ced09d5826e3e070b7e4d3f3556f856ca790b0b4a2c2eaaf58d33b
GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 09:58:12 GMT
expires: Mon, 22 Jan 2024 09:58:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 517695
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 2.0 kB IP
Hash 01d00f6d80d027a301bd1a06d9c745de
d91cfb826cd90426aba6665e1cd6360e143b34c4
ba49c6f7dc73b5915b36a32f6b2dd6e1d410ef092373296d0dcc9e677d716197
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleoptimize.com/optimize.js?id=OPT-KC32MDF
200 OK 44 kB URL HTTP/2 www.googleoptimize.com/optimize.js?id=OPT-KC32MDF
IP
File type ASCII text, with very long lines (1759)
Hash e4aa81157f54c6d358fb0ea617d7e31b
f89dccd763cba7e5202f8bbd35e36a9bf3e3f057
301745ce9b3023fd344212b7ecd1ecc57158be80f2911e2a14cb5c847be337b9
GET /optimize.js?id=OPT-KC32MDF HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 09:46:28 GMT
expires: Sat, 28 Jan 2023 09:46:28 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://getcardiodefend.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:33:54 GMT
expires: Thu, 25 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 223954
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://getcardiodefend.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 333442
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
200 OK 1.8 kB IP
Hash aa29e14437ac08b29d4b18e7b7f8db00
8fbc289c50fe08a31d8ec399a8344456b1137836
9870d960d5f9816bb5980e14f4b6ac42c186ecd7bdc873e5ca0f8a31dc67a2f5
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 09:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 01:30:45 GMT
Expires: Sun, 29 Jan 2023 01:30:45 GMT
ETag: "8fbc289c50fe08a31d8ec399a8344456b1137836"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9639ae8a86ca6298dc57a65ea513642f
ec396eeb2ea72e6a774d102a845025c8eec72c7f
b16bf88d839e0a18eb1aa48490f1095568c0fdbb550b665c890abba0d01729d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B16BF88D839E0A18EB1AA48490F1095568C0FDBB550B665C890ABBA0D01729D8"
Last-Modified: Fri, 27 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 28 Jan 2023 15:46:28 GMT
Date: Sat, 28 Jan 2023 09:46:28 GMT
Connection: keep-alive
getcardiodef.com/info/set_cookie.html?aff=mweb1&fb=
429 Too Many Requests 17 B URL HTTP/2 getcardiodef.com/info/set_cookie.html?aff=mweb1&fb=
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash eeb13468b73d93fa8bcbe3ebae6df720
1f55c90d5ce61c6447e923443d496b137be35c63
802600d124464157037a2519acb3cff90b97670fd04809ea902fbb95497a12ca
GET /info/set_cookie.html?aff=mweb1&fb= HTTP/1.1
Host: getcardiodef.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 429 Too Many Requests
cache-control: max-age=0, private, must-revalidate
content-length: 17
date: Sat, 28 Jan 2023 09:46:27 GMT
server: Cowboy
set-cookie: sid=a308e270-9ef0-11ed-b22b-27078d46f313; path=/; domain=.getcardiodef.com; expires=Thu, 15 Feb 2091 13:00:35 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 09:45:20 GMT
expires: Sat, 28 Jan 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 68
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2913
Cache-Control: max-age=86207
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:43:15 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP
File type ASCII text, with very long lines (64348)
Hash 541db4f3f0ba067bfb58cdac34cb86f4
20e6883f068568888ce37c6b9ef8f5d12be257c0
83898f3b2da2a11996d2eb3a5115ef301255030fdf231b8bf7971916769bc7be
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: VtHuBHY3z7fu45csftSdqAfyMtCBnfwfqA0BLQ6nGWPVa8av7I5e3lqDpXtc+/MsBwYnV5hFeuSGvXVA+sd+Dg==
content-length: 27815
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 09:46:28 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2913
Cache-Control: max-age=86207
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Etag: "63d39152-1d7"
Expires: Sun, 29 Jan 2023 09:43:15 GMT
Last-Modified: Fri, 27 Jan 2023 08:54:42 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash da62e41b306961bb9430255cf50c6e5c
65e9e4d1c02ab9af083e1836854d8cb260251363
d615c77d4f6e344039cf03d673e1fa694613307b247bfa0a2fbfcf58720b2cc5
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 09:46:28 GMT
Etag: "63d3b302-1d7"
Last-Modified: Sat, 28 Jan 2023 08:33:18 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7p3hENMV-kSARuygMzr1rLuDT8X6sJD9Yia3yyWCHNEnRJJCom6mfQ==
Age: 4390
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-229580945-1&cid=1961023627.1674899190&jid=462350624&gjid=275193612&_gid=273765601.1674899190&_u=YCDAiEABRAAAAEAAI~&z=82623177
200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-229580945-1&cid=1961023627.1674899190&jid=462350624&gjid=275193612&_gid=273765601.1674899190&_u=YCDAiEABRAAAAEAAI~&z=82623177
IP
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-229580945-1&cid=1961023627.1674899190&jid=462350624&gjid=275193612&_gid=273765601.1674899190&_u=YCDAiEABRAAAAEAAI~&z=82623177 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Content-Type: text/plain
Content-Length: 0
Origin: https://getcardiodefend.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://getcardiodefend.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 28 Jan 2023 09:46:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 21:48:03 GMT
expires: Fri, 26 Jan 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 129505
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 16:40:43 GMT
expires: Fri, 26 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 147945
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
200 OK 28 kB URL HTTP/2 www.youtube.com/iframe_api
IP
File type ASCII text, with very long lines (509)
Hash 8aa02a90daa92623e324159748d41d98
366d1b4ffc5bce6d784222b9ffed1f28c7e8c912
f6a4a9b176c31ceb391f7e21ca0921541becdba2f6559415f63d25311c8a045b
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sat, 28 Jan 2023 09:46:28 GMT
date: Sat, 28 Jan 2023 09:46:28 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=LGCPoXxUvj0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=dTn9rh8Z_D8; Domain=.youtube.com; Expires=Thu, 27-Jul-2023 09:46:28 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1TXpZek56SXpOekV3TXpReE16VXdOUT09EPTd054GGPTd054G; Domain=.youtube.com; Expires=Thu, 27-Jul-2023 09:46:28 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+572; expires=Mon, 27-Jan-2025 09:46:28 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cbtb.clickbank.net/?vendor=cardiodef
200 OK 934 B URL HTTP/2 cbtb.clickbank.net/?vendor=cardiodef
IP
File type ASCII text, with very long lines (934), with no line terminators
Hash 749c0fb0f006f7d4ddcd76fba550e264
940476750ad5d0f7858cce3470a3534be850f98a
bc4f846a058e02aa5fd315d0c535a227636ca4a74ed38a5a84d4d5e675ffec72
GET /?vendor=cardiodef HTTP/1.1
Host: cbtb.clickbank.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 09:46:28 GMT
content-type: text/javascript;charset=UTF-8
content-length: 934
set-cookie: AWSALB=ysrS2N8fKrmTJw6MYaTx1jK3cd7SKJKrjQBuSuAVk5mc6PcvYaYHcTIZepdP4aJsf2MoqzmawUAPFBdpANdk911NagdGvYT4q/PTYmhxXlF23zymRfql4JcLnhtE; Expires=Sat, 04 Feb 2023 09:46:28 GMT; Path=/
AWSALBCORS=ysrS2N8fKrmTJw6MYaTx1jK3cd7SKJKrjQBuSuAVk5mc6PcvYaYHcTIZepdP4aJsf2MoqzmawUAPFBdpANdk911NagdGvYT4q/PTYmhxXlF23zymRfql4JcLnhtE; Expires=Sat, 04 Feb 2023 09:46:28 GMT; Path=/; SameSite=None; Secure
server: Apache
cache-control: max-age=900
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=474944316878255&ev=ViewContent&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190851&sw=1280&sh=1024&v=2.9.92&r=stable&ec=1&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET
200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=474944316878255&ev=ViewContent&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190851&sw=1280&sh=1024&v=2.9.92&r=stable&ec=1&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=474944316878255&ev=ViewContent&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190851&sw=1280&sh=1024&v=2.9.92&r=stable&ec=1&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Jan 2023 09:46:28 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=474944316878255&ev=PageView&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190847&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET
200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=474944316878255&ev=PageView&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190847&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=474944316878255&ev=PageView&dl=https%3A%2F%2Fgetcardiodefend.net%2Fvideo%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&rl=https%3A%2F%2Fgetcardiodefend.net%2FextraBottle%2F%3Fhop%3Dmweb1%26lead%3D0%26subid%3D158&if=false&ts=1674899190847&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1674899190846.96060220&it=1674899190489&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Jan 2023 09:46:28 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 7351cd54cd5eb1b1e30ec893131a7d05
9d7356ed7a34dd049be5a94d70f8ff966a661216
4a3151928644c2ea9ecbaee409c1beebbe682f2b3238360000d52168f85475df
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 09:46:29 GMT
Last-Modified: Sat, 28 Jan 2023 09:18:59 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bY_CEg9o2wNw7tGyCp5F0XV3WsGIW5kZsNmGs6MIEXvnfZzA_BKJ3Q==
Age: 1651
prod.cbstatic.net/dist/assets/logo-header-two-tone-en.png
200 OK 3.5 kB URL HTTP/2 prod.cbstatic.net/dist/assets/logo-header-two-tone-en.png
IP
File type PNG image data, 472 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 47cdefc96f75be3d978d4b444737b00e
c9d8540c17ed48b72be610bb5795120e4d560d6f
84986c117f6f9418eff2f7ce5e55940671f178542c58092c05ef539ebd4da308
GET /dist/assets/logo-header-two-tone-en.png HTTP/1.1
Host: prod.cbstatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 3472
date: Fri, 27 Jan 2023 13:09:23 GMT
last-modified: Mon, 21 Dec 2020 21:57:35 GMT
x-amz-version-id: rgVoO.sKTwEpJN65bYI.UT4E8UVMZSpC
etag: "47cdefc96f75be3d978d4b444737b00e"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hBqEEeYShCEDGTNIHeB9KbrIEXG1k8vb_u6r4pTBU7_A98safGUWzA==
age: 74227
X-Firefox-Spdy: h2
prod.cbstatic.net/dist/assets/logo-tab-two-tone-en.png
200 OK 4.3 kB URL HTTP/2 prod.cbstatic.net/dist/assets/logo-tab-two-tone-en.png
IP
File type PNG image data, 321 x 63, 8-bit/color RGBA, non-interlaced\012- data
Hash c06ae1ecaaf7e0610c68af117658a7e0
337cc86d38734fd76333c063366ec36e7a7d343a
2f4d0823359307bdc2fbcc62d1004b361b02cc8ae5d6cb75f314658827ee1eeb
GET /dist/assets/logo-tab-two-tone-en.png HTTP/1.1
Host: prod.cbstatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4341
date: Fri, 27 Jan 2023 13:09:23 GMT
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
x-amz-version-id: 65GBUS1AcRJNN3GRB3Nf3yY51OsdERt0
etag: "c06ae1ecaaf7e0610c68af117658a7e0"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ykz_LB65g3bqP2-106NGpQcovZb2riuAH2_9vfdqoPx7FgWn-WFvgg==
age: 74227
X-Firefox-Spdy: h2
prod.cbstatic.net/dist/i18n/app-strings-en.json
200 OK 9 B URL HTTP/2 prod.cbstatic.net/dist/i18n/app-strings-en.json
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash cdfca8b09e61ae7324e48f01984c9b34
874b413675711909229ca228efea613383d6a9a4
00c89e0cd4c41144418e06885bb87e962fdb17567bf55adccb1678a1f6beca4c
GET /dist/i18n/app-strings-en.json HTTP/1.1
Host: prod.cbstatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Origin: https://getcardiodefend.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 9
date: Fri, 27 Jan 2023 13:09:23 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 21 Dec 2020 21:57:36 GMT
x-amz-version-id: ZlnvsWVay.azLO76UGrGFfzKmZRJT9PH
etag: "cdfca8b09e61ae7324e48f01984c9b34"
server: AmazonS3
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8vfr4ULGh9VQpANfG4lPG86c5wxu_PyItorsj5u6kTns8H95UrWdqA==
age: 74227
X-Firefox-Spdy: h2
seal-boise.bbb.org/seals/blue-seal-153-100-clickbank-5004291.png
200 OK 4.4 kB URL HTTP/2 seal-boise.bbb.org/seals/blue-seal-153-100-clickbank-5004291.png
IP
File type PNG image data, 153 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 29b69d407571d2a3b8e14bb01717f962
78a6491be4b9558bde5a02dde73e2a1eaebe44eb
1159a884fa7e78df1f617db9249bf931eff94f7a83c3cf984fd3d39ad12b983b
GET /seals/blue-seal-153-100-clickbank-5004291.png HTTP/1.1
Host: seal-boise.bbb.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: keycdn-engine
date: Sat, 28 Jan 2023 09:46:29 GMT
content-type: image/png
content-length: 4380
cache-control: max-age=14400
expires: Sat, 28 Jan 2023 13:46:29 GMT
last-modified: Tue, 24 Jan 2023 08:10:00 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
x-shield: active
x-edge-location: noos
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Sat, 28 Jan 2023 09:46:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.doubleclick.net/instream/ad_status.js
200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 09:42:52 GMT
expires: Sat, 28 Jan 2023 09:57:52 GMT
cache-control: public, max-age=900
age: 217
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 28 Jan 2023 09:46:29 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash af1c521d29c662e208d80836c19fa58a
64e18dcf8f3ea43f6aeb1c66299bd37121cdfe14
57fe9c6dbb637c6090c7110234fb9d3aadb75850d6d5ed5c668376ebd121c1f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash f0245aa3f42eb8c81386222c6ccd60eb
01d83d9b53752c22952309995436b147da67b264
f10f9684664b6f5ec68f1bf1b381ea5917c1accb411d3b48e7df97697158d464
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Jan 2023 09:46:29 GMT
server: ESF
cache-control: private
content-length: 30815
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/x4UJj8gT6CtT5_PZSB2sMkWT7oT3ONYvYheI_Vl_kb0.js
200 OK 14 kB URL HTTP/2 www.google.com/js/th/x4UJj8gT6CtT5_PZSB2sMkWT7oT3ONYvYheI_Vl_kb0.js
IP
File type ASCII text, with very long lines (36171)
Hash a13a76dd17af226d4a24bd16ef702377
c364171cd0f66eb4a1a8dde04e1e083154d81dbd
1dd3352cbdb7561b142954006a2bb94008486c22760c3d5ebb1b6fffeb325173
GET /js/th/x4UJj8gT6CtT5_PZSB2sMkWT7oT3ONYvYheI_Vl_kb0.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14250
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:38:28 GMT
expires: Sat, 27 Jan 2024 18:38:28 GMT
cache-control: public, max-age=31536000
age: 54481
last-modified: Tue, 03 Jan 2023 15:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 166bf2c6932f048996b3fe12e1cf3db9
9489d067ac8215775dda446a4c291e6db1e8ab3f
896314990eb656b725f8ec5d3753e70bf71e956c142a15b45773a77bb7d6ff24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AL5GRJVmxImsDP3-H7_MKaH9_a7ksT3nj6peJa-tjA=s68-c-k-c0x00ffffff-no-rj
200 OK 882 B URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJVmxImsDP3-H7_MKaH9_a7ksT3nj6peJa-tjA=s68-c-k-c0x00ffffff-no-rj
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash c7b84df907a3337b9dd62a468dd16ab3
1d9a2b84b11c66d7e2c42d9296214223b584ea18
59651ffea91f50fa8673a51dd02a583b3b1ecee8826ed2e0f159d0c3a4cb2ecf
GET /ytc/AL5GRJVmxImsDP3-H7_MKaH9_a7ksT3nj6peJa-tjA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
expires: Sun, 29 Jan 2023 09:46:29 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 09:46:29 GMT
server: fife
content-length: 882
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 166bf2c6932f048996b3fe12e1cf3db9
9489d067ac8215775dda446a4c291e6db1e8ab3f
896314990eb656b725f8ec5d3753e70bf71e956c142a15b45773a77bb7d6ff24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Sat, 28 Jan 2023 09:46:29 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 4b0d250991391f02b95a468c5127a34b
055c24579e6e4b0a4c429362da10acad20ee0f44
657d50d50c3ae83176951febc947ecaaeff154013251bdcccc8dccefac7b72ff
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1091
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sat, 28 Jan 2023 09:46:29 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9cb1b0e28aa4782094fdef39189329de
bb71ad80edfe9fda1c8feeb10561ec9c80ed3153
db1341579cd5138d2c43444f0e19b62a5a260ee792d0a1a7ecc8a59f80129dbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9cb1b0e28aa4782094fdef39189329de
bb71ad80edfe9fda1c8feeb10561ec9c80ed3153
db1341579cd5138d2c43444f0e19b62a5a260ee792d0a1a7ecc8a59f80129dbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=video%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=95561231&dur=2933.130&lmt=1653564248714408&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANhwCftZw--RwOlbLdukIcwhT2-oDZbwFUiaS8rtMpBYAiBfyXD45okg-uthBClOro6PIrnkv66YujZuOuVpQammwg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-222088&rn=1&rbuf=0
200 OK 222 kB URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=video%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=95561231&dur=2933.130&lmt=1653564248714408&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANhwCftZw--RwOlbLdukIcwhT2-oDZbwFUiaS8rtMpBYAiBfyXD45okg-uthBClOro6PIrnkv66YujZuOuVpQammwg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-222088&rn=1&rbuf=0
IP
ASN #50304 Blix Solutions AS
File type WebM\012- EBML file, creator webmB\20\012- data
Size 222 kB (222089 bytes)
Hash f439b52d158a8d3d8bd234b8a551fca1
42d950f96ac331de20845a1bf657b07669f63c3e
6a5e4d325ee27456f99ea1345264396cbf33cc9282e0ece6ac1de43440f2557f
POST /videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=video%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=95561231&dur=2933.130&lmt=1653564248714408&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5316224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANhwCftZw--RwOlbLdukIcwhT2-oDZbwFUiaS8rtMpBYAiBfyXD45okg-uthBClOro6PIrnkv66YujZuOuVpQammwg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-222088&rn=1&rbuf=0 HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 26 May 2022 11:24:08 GMT
Content-Type: video/webm
Date: Sat, 28 Jan 2023 09:46:29 GMT
Expires: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 222089
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=251&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=audio%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=45871093&dur=2933.141&lmt=1653564653257919&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgKqXz_mLzLi9csvmmZMAz2YhKrSAIbzH3rH8t24fxRaACIQDzQdUJNWqAcLc0OQ15DdPYl3o7Zzb4CWIM4swCWfmNuw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-70981&rn=2&rbuf=0
200 OK 71 kB URL HTTP/1.1 rr1---sn-capm-vnae.googlevideo.com/videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=251&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=audio%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=45871093&dur=2933.141&lmt=1653564653257919&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgKqXz_mLzLi9csvmmZMAz2YhKrSAIbzH3rH8t24fxRaACIQDzQdUJNWqAcLc0OQ15DdPYl3o7Zzb4CWIM4swCWfmNuw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-70981&rn=2&rbuf=0
IP
ASN #50304 Blix Solutions AS
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 88510c7468d9da5cc6f75bed89f55cf0
fa734bdf4a49ddb2cc27003c82c17ba6be3c20ee
a2226c0ac373d5322a56ddcc169bc121b727a23ec5bda02deb687e9e95aa2138
POST /videoplayback?expire=1674920789&ei=9e7UY8j1IJOGyAWGzJqgDA&ip=91.90.42.154&id=o-AFToEiAcT4DMw-mNSR211MHAfno8D1RXVoTaJ5-sjF8O&itag=251&source=youtube&requiressl=yes&mh=6Q&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeen7y&ms=au%2Crdu&mv=m&mvi=1&pl=21&initcwndbps=1921250&spc=H3gIhv-kn_Z5V1PT4dloLdNarpAzGvs&vprv=1&mime=audio%2Fwebm&ns=wQ5iQQ4E--me-qD0tPXyfmoL&gir=yes&clen=45871093&dur=2933.141&lmt=1653564653257919&mt=1674898894&fvip=1&keepalive=yes&fexp=24007246&c=WEB_EMBEDDED_PLAYER&txp=5311224&n=XT3qR5ymoRwR7w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgKqXz_mLzLi9csvmmZMAz2YhKrSAIbzH3rH8t24fxRaACIQDzQdUJNWqAcLc0OQ15DdPYl3o7Zzb4CWIM4swCWfmNuw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRgIhANQK74rYjMHstH1UkHhf0rElCks_Na6rhiZf73rClsuaAiEAg9x4uVPHKFhYEnEor2-jygivT2kVC3YvLJvT-FZYsUA%3D&alr=yes&cpn=nGqwqPPVoY0gVhQB&cver=1.20230111.01.00&range=0-70981&rn=2&rbuf=0 HTTP/1.1
Host: rr1---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Thu, 26 May 2022 11:30:53 GMT
Content-Type: audio/webm
Date: Sat, 28 Jan 2023 09:46:29 GMT
Expires: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 70982
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9cb1b0e28aa4782094fdef39189329de
bb71ad80edfe9fda1c8feeb10561ec9c80ed3153
db1341579cd5138d2c43444f0e19b62a5a260ee792d0a1a7ecc8a59f80129dbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e2579e6546ece9f51d426a7d7f271499
1a73b4aa9dd0a6ad011c8d56d5bfdd1be30e2b10
56f86a1282b4e619ae6a9f211ccebaa8a6ddf614acec73700814986dc84a593c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/nS6CAU71cP0/maxresdefault.webp
200 OK 45 kB URL HTTP/2 i.ytimg.com/vi_webp/nS6CAU71cP0/maxresdefault.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6f06fdb825f61cd8391b574aa1dec981
dddb0cb4944ebefa0a0662531254c0eb2ab7091f
24cb8c2bb012af1008d290a686c96334ebea941c4a22908e85071d6131b1b678
GET /vi_webp/nS6CAU71cP0/maxresdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 45032
date: Sat, 28 Jan 2023 09:46:30 GMT
expires: Sat, 28 Jan 2023 11:46:30 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e2579e6546ece9f51d426a7d7f271499
1a73b4aa9dd0a6ad011c8d56d5bfdd1be30e2b10
56f86a1282b4e619ae6a9f211ccebaa8a6ddf614acec73700814986dc84a593c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 09:46:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unpkg.com/flickity@2/dist/flickity.min.css
302 Found 0 B URL HTTP/2 unpkg.com/flickity@2/dist/flickity.min.css
IP
GET /flickity@2/dist/flickity.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 09:46:27 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /flickity@2.3.0/dist/flickity.min.css
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GQVW3PEEKM3883WN70VGCMG7-fra
cf-cache-status: HIT
age: 232
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7908cd1198fa1bfe-OSL
X-Firefox-Spdy: h2
unpkg.com/flickity@2.3.0/dist/flickity.min.css
200 OK 0 B URL HTTP/2 unpkg.com/flickity@2.3.0/dist/flickity.min.css
IP
GET /flickity@2.3.0/dist/flickity.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 09:46:27 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"705-iG4rBnn9uZ8eW5XLtZHjveGiMLs"
via: 1.1 fly.io
fly-request-id: 01G754EEDGMX2J9V944NV9F6VR-fra
cf-cache-status: HIT
age: 17943299
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7908cd11b9111bfe-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400,700
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,700
IP
GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 09:46:27 GMT
date: Sat, 28 Jan 2023 09:46:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
optassets.ontraport.com/tracking.js
200 OK 0 B URL HTTP/2 optassets.ontraport.com/tracking.js
IP
GET /tracking.js HTTP/1.1
Host: optassets.ontraport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 09:46:28 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=11886
etag: W/"63d2f128-2e6e"
last-modified: Thu, 26 Jan 2023 21:31:20 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-op-ca: 10.2.80.206
x-op-class: optassets
x-op-release: 3
cf-cache-status: HIT
age: 6326
expires: Sat, 28 Jan 2023 17:46:28 GMT
cache-control: public, max-age=28800
server: cloudflare
cf-ray: 7908cd164fa3b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
prod.cbstatic.net/dist/injectable.js
200 OK 0 B URL HTTP/2 prod.cbstatic.net/dist/injectable.js
IP
GET /dist/injectable.js HTTP/1.1
Host: prod.cbstatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://getcardiodefend.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 27 Jan 2023 13:09:23 GMT
last-modified: Mon, 21 Dec 2020 21:57:37 GMT
x-amz-version-id: RdcimFzJWwtinCAQ.f3F8OeQrj2.m2uJ
etag: W/"af651c30e1a69f6f2124e9c1d094a300"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HHJbMJhh2495JjdPABd1DKsX9DmhCa_bLDY1eeZIvu9OHxu9Lro3vg==
age: 74227
X-Firefox-Spdy: h2
getcardiodefend.net/extraBottle/?hop=mweb1&lead=0&subid=158
200 OK 0 B URL HTTP/2 getcardiodefend.net/extraBottle/?hop=mweb1&lead=0&subid=158
IP
GET /extraBottle/?hop=mweb1&lead=0&subid=158 HTTP/1.1
Host: getcardiodefend.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 28 Jan 2023 09:46:27 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8RVjVJwEwP1v1tqoNpbJqR2gsu%2BIjAqgnWVt9Y8L4aEL5XHC08G%2Bfev2rhP7RVIIjGjiqBljP4SPWtfUicau9DZvgIWNw62EH830RFnh%2B9cnpaJ5zPP0cJrpbczJ5j8vztDHqvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7908cd103dd7b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
154.26.136.25
23.61.236.204
93.184.220.29
157.240.200.14
82.102.27.18
104.16.125.175
188.114.96.1
212.32.237.92