firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 13:36:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: v6S8hWmU295kIAwHNZCIw4TMiGNMH-Se8F-0hfTvvAMMRqN2b4mV2w==
Age: 3421
thereclinerrepairkenya.co.ke/
69.16.238.78301 Moved Permanently 245 B URL HTTP/1.1 thereclinerrepairkenya.co.ke/
IP 69.16.238.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 01e679845749ac2137a2fe4167ce0890
11a85d456d7ade247a8af53007ca10dcdb147cea
64331c406aba55a1f5d3b5163a7a827947727b40f5283d5209115ede75b5c082
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Sep 2022 14:33:54 GMT
Server: Apache
Location: https://thereclinerrepairkenya.co.ke/
Cache-Control: max-age=600
Expires: Tue, 20 Sep 2022 14:43:54 GMT
Content-Length: 245
Keep-Alive: timeout=2, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9707
Expires: Tue, 20 Sep 2022 17:15:41 GMT
Date: Tue, 20 Sep 2022 14:33:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wZH6qPLeDmexSalw8hZOZzz7hpwJZembwWO1rJdAZB4mstL-LRCzfQ==
age: 35921
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 14:33:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 14:03:22 GMT
Expires: Tue, 20 Sep 2022 14:28:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -OVyPLKIa6hA4CONLkchQyow9I8NnHV9ssvNb1mlHY3PdQjcClPkNg==
Age: 1833
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1063
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:55 GMT
Last-Modified: Tue, 20 Sep 2022 14:16:12 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.165.41.15101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2J5TJlloSyVsT38AqX9pyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zSEt89UiaHZv6bhSkGgL+thUm4s=
thereclinerrepairkenya.co.ke/
69.16.238.78200 OK 20 kB URL HTTP/2 thereclinerrepairkenya.co.ke/
IP 69.16.238.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (43582), with CRLF, LF line terminators
Hash 6104bf625e67afeaa88b93a182238229
a2565350a005459d553e137e7e6f3a2beb059760
4ccce4bed24de25a470f1347c75585792e93bd57928a87c9673966c1adf9eda9
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
link: <https://thereclinerrepairkenya.co.ke/wp-json/>; rel="https://api.w.org/", <https://thereclinerrepairkenya.co.ke/wp-json/wp/v2/pages/548>; rel="alternate"; type="application/json", <https://thereclinerrepairkenya.co.ke/>; rel=shortlink
cache-control: max-age=600
expires: Tue, 20 Sep 2022 14:43:55 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 20227
content-type: text/html; charset=UTF-8
date: Tue, 20 Sep 2022 14:33:55 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thereclinerrepairkenya.co.ke/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.7
69.16.238.78200 OK 9.1 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.7
IP 69.16.238.78:0
File type ASCII text, with very long lines (45376)
Hash f93a86020ce823a3bf7700079f7529a9
4d30c3f900bb0bf392e33d9b580f62154fb618b2
04e2cc66d299632c29d71b8cb207551b4371a48e69b1833e3ddd3a0989f71e4d
GET /wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.7.7 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:04:39 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 9086
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
69.16.238.78200 OK 5.0 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 69.16.238.78:0
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 26 May 2022 16:49:54 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5009
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/css/wpforms-base.min.css?ver=1.7.2.1
69.16.238.78200 OK 3.8 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/css/wpforms-base.min.css?ver=1.7.2.1
IP 69.16.238.78:0
File type ASCII text, with very long lines (22464)
Hash ec7365b0dbb836550ac8aec40fcd5ccd
fc40fee284e9309a36f9d6c88116ee7778c35502
9589cda048ad1ecc941bdd0fee64c0e35de658bd99ab9a942160c626aeadc245
GET /wp-content/plugins/wpforms-lite/assets/css/wpforms-base.min.css?ver=1.7.2.1 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:36 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3755
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0
69.16.238.78200 OK 3.9 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0
IP 69.16.238.78:0
File type ASCII text, with very long lines (19004)
Hash 5cfe64b61347ad8699dae0860d2ee68b
956f2647344b9338c71776c9e819595bc97324fb
770d5ab2de6db3cec78dad685927904a7fc84541d7b023717195c811ddb71cf3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:21:54 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3919
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-516.css?ver=1644917082
69.16.238.78200 OK 413 B URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-516.css?ver=1644917082
IP 69.16.238.78:0
File type ASCII text, with very long lines (1220), with no line terminators
Hash 14bdbef3a58911060347e510f00b5488
ebf5542d3f1069f0dee7380c3acf0fa0d4581259
2f67b755c9bb4e485a3b84a199e54ef564b79b4e4004c7d3704f559f6b285143
GET /wp-content/uploads/elementor/css/post-516.css?ver=1644917082 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:24:42 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 413
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.5
69.16.238.78200 OK 12 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (65497)
Hash c5506c0fbffdb4907323e6a38485c2ca
339b6738afacc36b332465fe00f80656e4cfb6f5
4999fc65577144c341bc2840539aab355d20cad81d492354146c2a3f61057096
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:21:51 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12540
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.5.5
69.16.238.78200 OK 4.2 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (26516)
Hash d74abcef3df71d56667a44693f75c454
be993a7b5c88a550ef0dc19c4841f240e41967f8
8c8fb98c0a68a93f2bcf224fcc1bdaa1095fc1b3f5418f2e2c5fddcfa3dee410
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:00 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4229
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
69.16.238.78200 OK 12 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 69.16.238.78:0
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Jul 2022 18:36:49 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 11681
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.5.5
69.16.238.78200 OK 13 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (59158)
Hash d7913fc87c4606f82b4ee77a8d47fc2f
62a54acf7535ae53425b44dadfe5fdabf3d8300a
bb05c88bb0b82e2f14f1efb94b4c3511292f74c3bb7cb0b104d300a42a49492f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:00 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12869
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-548.css?ver=1650369735
69.16.238.78200 OK 2.0 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-548.css?ver=1650369735
IP 69.16.238.78:0
File type ASCII text, with very long lines (21980), with no line terminators
Hash 8d2ee7b808a40d7f7409923da0127212
9d1b39313386f31678860cbde2934595867fdff7
8236aa12e39a72e6b5d3b7eecd095b766b147095af05ee354fdd954189c88f76
GET /wp-content/uploads/elementor/css/post-548.css?ver=1650369735 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 19 Apr 2022 12:02:15 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2039
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.5.5
69.16.238.78200 OK 4.2 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (14869)
Hash 1fcdd9935a66511c3b8069495af248e3
b0e375ac95b547b3bb6ce74cd1bcc505ffc2281d
4a741209fc122872cb5ae018a5870d70848a616fa98eb4289ad78cec986ec282
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:02 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4205
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.5.5
69.16.238.78200 OK 2.6 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (10019)
Hash 0ea81c35141c6a4692506e4fe8d36edb
392c5f96995e66d74c27ed5a42f93169c2f32d18
b7488fd21ad73e483cdcaf42097ea7787ffe0616477e29a537f53f6064e321ab
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:21:56 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2592
content-type: text/css
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.7
69.16.238.78200 OK 3.9 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.7
IP 69.16.238.78:0
File type ASCII text, with very long lines (16278), with no line terminators
Hash f647ededec390e2056356c3ed01ef1d8
b80172a5458601f77191db1cc484a5cc1ee1c43a
b731e47f3c3a488d608da7a1aed7b9201f2cc4b3116679e59378195f4e9ed8b6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.7.7 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:04:39 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3898
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.5
69.16.238.78200 OK 2.2 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (4866)
Hash e1b0fa15c3eeee3432e159b4289cf06c
b251ac6586e766ff696c3c384b2cd604c0e23655
95c0f48311b613f4cef6910411fa87d95217c205dd484da79ea0cee2e7552da7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:12 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2166
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
69.16.238.78200 OK 4.2 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 69.16.238.78:0
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Nov 2020 11:36:06 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4169
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.5
69.16.238.78200 OK 4.6 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (14196)
Hash 42826c179b7549f1bdcfc76dc7bfa9d0
186632500a0d140c04cabd888a3f27904d75e0ce
d92e84b2e1f53e258ca6e1ea2b8029887ec608f6d19e10cb894b36e6d3b2f9ed
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:02 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4610
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
69.16.238.78200 OK 3.0 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 69.16.238.78:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash cfea3c51880820f2962a7773fbc864f9
45aa7ddc9b0c4201097d0df36791ab346470b734
12296ac9ef200103f8eea198a2bcd92692119dacece39538499758a0349035fb
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:02 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2993
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.2.1
69.16.238.78200 OK 374 B URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.2.1
IP 69.16.238.78:0
File type ASCII text, with very long lines (754), with no line terminators
Hash ef785f463505633971eae5c08ad626d4
624e22257f386801822229db3a4bbd2e24b25e2f
b2a0dc77f0f79d81698a7e3893e16ecba7b0d980b80a5233656d9b11f1d8160d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.7.2.1 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:38 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 374
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/js/wp-util.min.js?ver=6.0.2
69.16.238.78200 OK 705 B URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/js/wp-util.min.js?ver=6.0.2
IP 69.16.238.78:0
File type ASCII text, with very long lines (1305)
Hash fc7e549ce428fe90eb910c14d23a1532
e3eb36861f16a8b3ea97e8e60a2033957fe58a2e
80226ac13b48a680f63f8258a251d2b9b4c87394459df6bd32732fd4e69c1bd3
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-util.min.js?ver=6.0.2 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 25 Jun 2021 17:20:58 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 705
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
69.16.238.78200 OK 6.9 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 69.16.238.78:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 7e2b78a6e8a9b90385330755ee1cf3e5
684c325f39d45e42ae44a9e42f5e9fe4fb0b909c
43f124dabb4bc663cc1cc8d3161c1e6365cf8445d873ed5d69bbfdb507cf24a9
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 26 May 2022 16:50:11 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6914
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.2.1
69.16.238.78200 OK 9.3 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.2.1
IP 69.16.238.78:0
File type ASCII text, with very long lines (30764), with no line terminators
Hash 6e5ff115f8bee822b9b5dd6687791b4b
a69d85e555eb62354d5a8ee40ed735fe46ccdbdb
4e7c516f32d9773e5c82317295a6e4afbd2fc6b3953ed8934cbf2358c38cb332
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.2.1 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:41 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 9284
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.5
69.16.238.78200 OK 11 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.5
IP 69.16.238.78:0
File type ASCII text, with very long lines (36850)
Hash 7cb6e36f901b384374d8d4118c49c562
b406dc0cf7881ea56c21ea381dba3cfc68e0380c
cece9ef580338d81ad8388cb11fb81440b950aa18edf87dc74079042856b0294
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.5 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:04 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 10775
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
69.16.238.78200 OK 31 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 69.16.238.78:0
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Mar 2021 17:37:24 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 30908
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/jquery.validate.min.js?ver=1.19.3
69.16.238.78200 OK 7.8 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/wpforms-lite/assets/js/jquery.validate.min.js?ver=1.19.3
IP 69.16.238.78:0
File type Unicode text, UTF-8 text, with very long lines (24292)
Hash 77070b1f5f2bebbb9e4a2e8fc8f534c8
7b3517e54d001fd84e4bf41d8405f6e7fff1e886
1086db35c3ef92c049541a01e5c08af303f1911c37865c54959841b5438017a0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wpforms-lite/assets/js/jquery.validate.min.js?ver=1.19.3 HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:41 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:56 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 7849
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:56 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2
142.250.74.10200 OK 2.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2
IP 142.250.74.10:0
Hash 99bd8837bdae89739209bd5bf37347d5
e7e4aa3786e315a7abee760cac56473b0dfc9c8d
89bc0a2599d5eb176b40dc969f70d61de3e9fe22f11babd3992d280344893b88
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 14:33:56 GMT
date: Tue, 20 Sep 2022 14:33:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5833
Expires: Tue, 20 Sep 2022 16:11:10 GMT
Date: Tue, 20 Sep 2022 14:33:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5833
Expires: Tue, 20 Sep 2022 16:11:10 GMT
Date: Tue, 20 Sep 2022 14:33:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5833
Expires: Tue, 20 Sep 2022 16:11:10 GMT
Date: Tue, 20 Sep 2022 14:33:57 GMT
Connection: keep-alive
fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
142.250.74.163200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21144, version 1.0\012- data
Hash 2bc7630144496092dc786ce63109e560
723df3658078cfed03c85e47f15fc439eb4331be
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
GET /s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thereclinerrepairkenya.co.ke
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 22:36:55 GMT
expires: Wed, 13 Sep 2023 22:36:55 GMT
cache-control: public, max-age=31536000
age: 575822
last-modified: Tue, 19 Apr 2022 19:43:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
142.250.74.163200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21724, version 1.0\012- data
Hash c3609c36a150ce088ea4dcab92b7c00b
0c18236a183e962533a4f61bff3ae2581313561a
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
GET /s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thereclinerrepairkenya.co.ke
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21724
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 22:36:56 GMT
expires: Wed, 13 Sep 2023 22:36:56 GMT
cache-control: public, max-age=31536000
age: 575821
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fe5ffc0bb967bf39c053d24cdfae521a
87bc50876b1600714e2c29608bf4af00fbfbd23e
ceaf52d90eaf692a8da9f6c353d09011e26d8e2b971ec4c17fcbcab8676c70c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEAF52D90EAF692A8DA9F6C353D09011E26D8E2B971EC4C17FCBCAB8676C70C3"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5833
Expires: Tue, 20 Sep 2022 16:11:10 GMT
Date: Tue, 20 Sep 2022 14:33:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed7323b395e757f7766ea0045efdaca
8b91bc3069a3217bc719c27959d578b353b5d9dc
8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7sCevVX1nGXxZxnrXSURjUcap1a7vCZwrMMIXfzcBPR1srMxJHLGUg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:07:05 GMT
age: 59212
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c283017ec789693602177a2785177e21
ff8286c4d2cf87a1865d56d082bc5235dba60ad7
520db2567ad5529d35d2ac63b94d4186848382e9c86d0c4355ab979b34f0e0ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11145
x-amzn-requestid: dcb726a6-2f43-4170-a53c-4f0d2883309e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7yHfHIAMFu4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-11bf06e96123e01c11854cbb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DwufJXA1yHz_jnJL0PWjCQYF9fa3jlJ0e-2hIomInAXCpmPISX3mjg==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:33 GMT
age: 59484
etag: "ff8286c4d2cf87a1865d56d082bc5235dba60ad7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca0c1a7f205ad07f1cce80b26448873
0e14f5062e40ce94346494ff947bfcf74b5e88c1
ebc960279032671136749823c126ec807334d9eaf2b019abcc63b41bcdbf4a7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9873
x-amzn-requestid: 7171299f-e6e3-40ef-a292-33779346e1ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI-FDIIAMF-xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-31f9413434a6b00e77e7709b;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: evL3aL1ULo6B2a8Rp6iILKCX7F14O9HMSbEqkEY3XHFhmMptE8FaVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:50:04 GMT
age: 60233
etag: "0e14f5062e40ce94346494ff947bfcf74b5e88c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a7d863845e96c5927e812f325c08c16
b8484fb5443344b03e52dd56b1d6c5682eb6221a
fcb382029332a44deaf212298b618074a752d674d0c735a1b8b861ab4bb6ff0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9865
x-amzn-requestid: 7eeeff5b-cb13-4060-96a6-bf5a4be57331
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugokGQVoAMFXmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e169-4211dbbe1a22d0255a45aff0;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zDPKSOJ7SJImKcluUMhGvVMHv4t2oKLD2AJfGKAFSfedsdSA4VgZ_g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:56 GMT
etag: "b8484fb5443344b03e52dd56b1d6c5682eb6221a"
content-type: image/jpeg
age: 59461
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30fbdfee7ec4513a5ff3dfcb7282f816
a852edb64a7220532aa619ab2a440c3a7e11b97a
4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y3urrVdjZEds_DKf3yL2XfaOy-5UPBwU-YVWe5eKYsDpl3JPmqffsw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:23:30 GMT
age: 58227
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-4.22.51-AM.jpeg
69.16.238.78200 OK 213 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-4.22.51-AM.jpeg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 213 kB (213278 bytes)
Hash c956b555d1da4ca76e33352eafb2f95a
ce808cb6a551bce5dceb12ec5eab60b7aba487a7
c999b1932e4d8fb4879667e8bca7a8e4f891390a3838ef20a7fc945ee21a774f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-4.22.51-AM.jpeg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-548.css?ver=1650369735
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Feb 2022 12:25:52 GMT
accept-ranges: bytes
content-length: 213278
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.34-AM.jpeg
69.16.238.78200 OK 139 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.34-AM.jpeg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x960, components 3\012- data
Size 139 kB (138609 bytes)
Hash 5268095ffa061c424d6ddcf475e93046
f80dbb45100091a074c812dd55a82fca932068f5
8ea4227368b726d24ff7a551a784dba2922d16ff670dae76e0ce9614c9b446b2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.34-AM.jpeg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-548.css?ver=1650369735
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:30:05 GMT
accept-ranges: bytes
content-length: 138609
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.45-AM-1.jpeg
69.16.238.78200 OK 266 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.45-AM-1.jpeg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 266 kB (266178 bytes)
Hash ca7d0c8b7cb2db17490d6f50d51b83f5
13ea847947ce7d5585fed4ca25f2100e13104655
61a24cdf992cebe148e9bbab2518ca64786bdf5a52c33a66568905b50010194d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/02/WhatsApp-Image-2022-02-05-at-10.45.45-AM-1.jpeg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/wp-content/uploads/elementor/css/post-548.css?ver=1650369735
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:29:39 GMT
accept-ranges: bytes
content-length: 266178
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/sonic-w.jpg
69.16.238.78200 OK 91 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/sonic-w.jpg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 929x512, components 3\012- data
Hash 6becc83d0562ac7356b997d677218b82
efda6b4558e25b190bf72465b83dccbfeca05fd9
884900931bcbb71ee9e97a363e6e22fc3b13e1aff3f8b11c4dc750f8d01cb94d
GET /wp-content/uploads/2022/02/sonic-w.jpg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:18:25 GMT
accept-ranges: bytes
content-length: 90810
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-2.40.22-AM.jpeg
69.16.238.78200 OK 174 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-2.40.22-AM.jpeg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1024, components 3\012- data
Size 174 kB (174090 bytes)
Hash bcce2d8ad93facff4b775c69d8a19384
ce2694e2bdd9645685649fd28bf466328c3bc243
2cf94d9fef7593801721a5fd8b37bf37d75a28aaa89262f0b38f35142de40ff7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/02/WhatsApp-Image-2022-02-16-at-2.40.22-AM.jpeg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Feb 2022 12:25:55 GMT
accept-ranges: bytes
content-length: 174090
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js
69.16.238.78200 OK 660 B URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js
IP 69.16.238.78:0
File type ASCII text, with very long lines (1316)
Hash 2ea7da28e4cb8b4583c695e29adbbe13
3661204874da32f76a44058d10d79c4c4bf3b474
58fc430620895a08a3e2ea26add9fbd2329de60d6593f8ef26b4f6a9a70960e6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:02 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 660
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/video.1a44ef088849d6949ada.bundle.min.js
69.16.238.78200 OK 1.3 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/plugins/elementor/assets/js/video.1a44ef088849d6949ada.bundle.min.js
IP 69.16.238.78:0
File type ASCII text, with very long lines (3285)
Hash df4ac5434b67542ce63ed46d2f5abc98
874e10d11a0c4331c6a94c82ffed72af43a2810e
d0d20918d09cac3cfe7883265c57acb4649d0992c320611e51842f3f63fbe3b7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/video.1a44ef088849d6949ada.bundle.min.js HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 09:22:08 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1312
content-type: application/javascript
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bb4bdc4c3c6869c822618f0b9ef1bdc5
6a438b8d9d87aa30e0989ace7fc0d4cafce1f29d
eb762661b0a0ecc4ccdf50229ce134d0062e8d60698b7ed1970c5073b18f31ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/cropped-sonic-w-32x32.jpg
69.16.238.78200 OK 25 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/cropped-sonic-w-32x32.jpg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 32x32, components 3\012- data
Hash 2a5a6463e394eae9c912ce518f014b97
ab58d979b052f9e205d5efb6007f1ecdb9b0cd9c
fb487aa6c7db60c9995132077d72c2b7805a183c3c8b1633107f4275f7e09243
GET /wp-content/uploads/2022/02/cropped-sonic-w-32x32.jpg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 10:46:42 GMT
accept-ranges: bytes
content-length: 25372
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/cropped-sonic-w-192x192.jpg
69.16.238.78200 OK 33 kB URL HTTP/2 thereclinerrepairkenya.co.ke/wp-content/uploads/2022/02/cropped-sonic-w-192x192.jpg
IP 69.16.238.78:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 192x192, components 3\012- data
Hash 253d4db27a3300f7ff1c380545148f9e
92990171574f93831f38972789ff23aaa306fb17
596cb3122a49563334f2f5d168b293078698ca9599b731f1f43c8f505f77fc8f
GET /wp-content/uploads/2022/02/cropped-sonic-w-192x192.jpg HTTP/1.1
Host: thereclinerrepairkenya.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Feb 2022 10:46:42 GMT
accept-ranges: bytes
content-length: 33062
cache-control: max-age=2592000
expires: Thu, 20 Oct 2022 14:33:57 GMT
content-type: image/jpeg
date: Tue, 20 Sep 2022 14:33:57 GMT
server: Apache
X-Firefox-Spdy: h2
www.youtube.com/s/player/7577aaa2/www-widgetapi.vflset/www-widgetapi.js
142.250.74.14200 OK 54 kB URL HTTP/2 www.youtube.com/s/player/7577aaa2/www-widgetapi.vflset/www-widgetapi.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (717)
Hash 80b4b97e686ee273a3c35efed728ff4f
b70780183375fb301fde205984ad76990898944a
7e069356134f0a7e279ab1a5fe026bfbf0742d79e6ea62bd411ec9f94232e70a
GET /s/player/7577aaa2/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53514
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 14:54:16 GMT
expires: Tue, 19 Sep 2023 14:54:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 00:17:08 GMT
content-type: text/javascript
age: 85181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 81fa7001b4b94f54d2ab4f3237ecaabb
e21bb07f34d9bed91f5caac3f9a83e9600a5652c
0ecbe6e0c5198d792a0eeb4197c88ec1d3a9f8b215efae7a6bb87776f7673b6a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: 257316b9-2da7-4b43-a8b3-d89c088de1ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbsFXFpzoAMFkpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63215a22-6f365f587f25845668bf59b7;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 04:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LSbWIJN46uVGRdFSejE3rNtq5549StAmO0mQiKOjUED62cVh5ddd9Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:30:42 GMT
age: 67132
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 12:31:58 GMT
expires: Sun, 17 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 266519
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3146bb0aaba22619df206969792ed383
07db3170920b9ba82ecf00e6135eecf08f167942
cba7793fa0a6de6486e3515f886a42efeb21f3b4c84d5e7395f6468a5925d27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dda77a44a7f9eeb9bd828f659ccb7e22
9af43f88835600fd3206e4f18b0c1c2571a3959c
c8effed6366a20b26e104fc4f64d24213eb357d61e7683e28f812d0c21edd044
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
216.58.207.230200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 216.58.207.230:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 14:29:23 GMT
expires: Tue, 20 Sep 2022 14:44:23 GMT
cache-control: public, max-age=900
age: 275
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.34302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Tue, 20 Sep 2022 14:33:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
172.217.21.170200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 172.217.21.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 20 Sep 2022 14:33:58 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
172.217.21.170200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 172.217.21.170:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 3f4923088ac821811029bfb80e5cb142
dfe587e16f5fb0aa852e1e437d61cfec9418a8b3
fac611b464870d4ec31cd01599d1a12e762fdf117b0d818df9def193718c0371
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 20 Sep 2022 14:33:58 GMT
server: ESF
cache-control: private
content-length: 30802
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3146bb0aaba22619df206969792ed383
07db3170920b9ba82ecf00e6135eecf08f167942
cba7793fa0a6de6486e3515f886a42efeb21f3b4c84d5e7395f6468a5925d27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dda77a44a7f9eeb9bd828f659ccb7e22
9af43f88835600fd3206e4f18b0c1c2571a3959c
c8effed6366a20b26e104fc4f64d24213eb357d61e7683e28f812d0c21edd044
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c53364cae0510b97de38fb4b3396ff56
d6088b7fe775ebc077d116271fbe7fce898c06f0
2df909d86d97fbb9a27dd94ca9335ea29eae8f9325fccc8d0ef00a4f7cd7cdc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.74.34200 OK 120 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id?slf_rd=1
IP 142.250.74.34:0
Hash c96fc81ffdae88144e7e9ab45cbb7d9a
02bfae5481b6b3cd8372e30358bf4db5008e0f99
5ff92d76bafdfdffd6aa8b1c7ced6d907d4db7e05bb5f0f063569c1796367825
GET /pagead/id?slf_rd=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Referer: https://www.youtube.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
content-type: application/json; charset=UTF-8
date: Tue, 20 Sep 2022 14:33:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/js/th/8jEuNRvllEtFmLzioZdbHhRQ_2cTQWhd6LiOGRrTeiw.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/8jEuNRvllEtFmLzioZdbHhRQ_2cTQWhd6LiOGRrTeiw.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (35918)
Hash b600177efe473664fb627ad35ffbc4db
b85f65be40c923277d1455e64a33966ee9fa0838
ec20323b3d03a9e3cb135ab17c27cee75eab248b40f3ebed5062d80ef18f961f
GET /js/th/8jEuNRvllEtFmLzioZdbHhRQ_2cTQWhd6LiOGRrTeiw.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:03:05 GMT
expires: Thu, 14 Sep 2023 05:03:05 GMT
cache-control: public, max-age=31536000
age: 552653
last-modified: Mon, 29 Aug 2022 11:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4aebec42ca2e6505dc8921d4e374fb5e
e43838649932d95af63c651d94b8ca67845156ef
01edca4a2f977f1dc6c0a068f97fd17e04dc96d88d9664107af3b2ffb6f18ffb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash a65d65ea1518992714651808c0640c72
6d5ce80d391b02ef6bb7d8061f2c0292190e14b9
ba6f7792d3f64363e448078f3b2acf555dfe2b0b556bf7f6b5421cf236b2fe97
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash acd88936cf1da19211f818148fd2eea1
93f86a75e6c1a2b0caf138a54aa22a87c395abb3
1b8bdbbd226fb3db2197bc7c1425049bbd9c15ce63dd9c92168f5cfe6aca3459
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65918&rn=1&rbuf=0
91.90.45.173200 OK 1.1 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65918&rn=1&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1085), with no line terminators
Hash d49705c48edf4f055ee4c5b3ca0fffce
6b43fc36db6f3808def143b35c84223199e2a069
7083e73bfccff778a20202d349d7f999207b54f8beed5bd4020a09ad7568bf6c
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65918&rn=1&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Tue, 20 Sep 2022 14:33:58 GMT
Expires: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1085
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65893&rn=2&rbuf=0
91.90.45.173200 OK 1.0 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65893&rn=2&rbuf=0
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type ASCII text, with very long lines (1038), with no line terminators
Hash 829c39ebebb318049b185cde6bdf5c25
b6292e918687ec29b82b13932ce511a5c23e6409
610074dafaefd26544e31e05ae69080313a209b897ce59d5020563e328402d83
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&mh=Pn&mm=31%2C29&mn=sn-capm-vnae%2Csn-5goeenez&ms=au%2Crdu&mv=u&mvi=2&pl=21&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&mt=1663683894&fvip=1&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRgIhAK-9H_T1BMjc2BrfrCYOWS1V5gxHUhoQHWf57rej3EWCAiEA8PeOL_ic04A2IV-Avs6HeNfKi8dh8jZEGw6xNvk2ecc%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&range=0-65893&rn=2&rbuf=0 HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Tue, 20 Sep 2022 14:33:58 GMT
Expires: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1038
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash acd88936cf1da19211f818148fd2eea1
93f86a75e6c1a2b0caf138a54aa22a87c395abb3
1b8bdbbd226fb3db2197bc7c1425049bbd9c15ce63dd9c92168f5cfe6aca3459
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash df63c5967c0a9b90868d582bbd512ba3
90c180fb2683bde6614e6630a509dcb8d867cd49
12cc564ea174002cfafc50e20da5b37be7ccae96180902ab1e719637988d7427
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash df63c5967c0a9b90868d582bbd512ba3
90c180fb2683bde6614e6630a509dcb8d867cd49
12cc564ea174002cfafc50e20da5b37be7ccae96180902ab1e719637988d7427
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr1---sn-5goeenez.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAO9zd4FTG-sBW6i7D0eVK6NOS4oKG9Tq-kFvnNhi6B6ZAiEAzAIVq842N3cqJYd5bPaH8tGAKDx_xbnNjNgxWDoVTdw%3D&range=0-65893&rn=4&rbuf=0
74.125.111.6200 OK 1.0 kB URL HTTP/1.1 rr1---sn-5goeenez.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAO9zd4FTG-sBW6i7D0eVK6NOS4oKG9Tq-kFvnNhi6B6ZAiEAzAIVq842N3cqJYd5bPaH8tGAKDx_xbnNjNgxWDoVTdw%3D&range=0-65893&rn=4&rbuf=0
IP 74.125.111.6:0
File type ASCII text, with very long lines (1043), with no line terminators
Hash 78a424057d746399e75ffafd045a67e3
efb6b01ac69c324e1ef5dafa5c55e897c3d62d6d
837d46c5fcfc523f32d6c7176ecd7bb019083fba0cb452dcefe1e5f39e62c791
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAO9zd4FTG-sBW6i7D0eVK6NOS4oKG9Tq-kFvnNhi6B6ZAiEAzAIVq842N3cqJYd5bPaH8tGAKDx_xbnNjNgxWDoVTdw%3D&range=0-65893&rn=4&rbuf=0 HTTP/1.1
Host: rr1---sn-5goeenez.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Tue, 20 Sep 2022 14:33:58 GMT
Expires: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1043
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr1---sn-5goeenez.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAM8nIRL5y10IStEM2WWtCjUmQvcscZo8EYSR7I-MczD1AiEAm9L5CB7j7w2At6nmME8C_y8-mN_pZcPMApC1d29m9uA%3D&range=0-65918&rn=3&rbuf=0
74.125.111.6200 OK 1.1 kB URL HTTP/1.1 rr1---sn-5goeenez.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAM8nIRL5y10IStEM2WWtCjUmQvcscZo8EYSR7I-MczD1AiEAm9L5CB7j7w2At6nmME8C_y8-mN_pZcPMApC1d29m9uA%3D&range=0-65918&rn=3&rbuf=0
IP 74.125.111.6:0
File type ASCII text, with very long lines (1098), with no line terminators
Hash 8cff7f467ecc3f96eb7c88787e02fe8c
41b3580a3126576591f245286686a1e6fc8f0742
1ae758bd50df17035b5287dba6c9e00767033147acd59e931b33e5c485dea28c
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&redirect_counter=1&cm2rm=sn-capm-vnae7l&cms_redirect=yes&cmsv=e&mh=Pn&mm=29&mn=sn-5goeenez&ms=rdu&mt=1663683212&mv=u&mvi=1&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAM8nIRL5y10IStEM2WWtCjUmQvcscZo8EYSR7I-MczD1AiEAm9L5CB7j7w2At6nmME8C_y8-mN_pZcPMApC1d29m9uA%3D&range=0-65918&rn=3&rbuf=0 HTTP/1.1
Host: rr1---sn-5goeenez.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Tue, 20 Sep 2022 14:33:58 GMT
Expires: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 1098
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b4c49cafcb6c1050bd6062ca77021b0f
391b19a1f787aaf2769aa4d8b77c8a494b7ccf58
9a41450a0f09390e532d6193d9309fee56fd9a2512375af64516f88b330674ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash df63c5967c0a9b90868d582bbd512ba3
90c180fb2683bde6614e6630a509dcb8d867cd49
12cc564ea174002cfafc50e20da5b37be7ccae96180902ab1e719637988d7427
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/if5HaeTqWYs/sddefault.jpg
216.58.207.214200 OK 26 kB URL HTTP/2 i.ytimg.com/vi/if5HaeTqWYs/sddefault.jpg
IP 216.58.207.214:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash bccfe50053cc0310b02bc0bd3813fd83
2782a2f857d9ac47243cb3804575ee0de0952909
c3c6cd8360b0229d98393c3dcf3fcba124285d0757442d061cf7a8c56ec0b8e0
GET /vi/if5HaeTqWYs/sddefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 25898
date: Tue, 20 Sep 2022 14:33:58 GMT
expires: Tue, 20 Sep 2022 16:33:58 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b4c49cafcb6c1050bd6062ca77021b0f
391b19a1f787aaf2769aa4d8b77c8a494b7ccf58
9a41450a0f09390e532d6193d9309fee56fd9a2512375af64516f88b330674ea
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
172.217.21.170200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 172.217.21.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 20 Sep 2022 14:33:59 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.3 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 1d5940f7b778a5fc54caa6a86f950e4b
157e41ea7f9155089e1750b9d3e7274daf662c8f
e81c98df38d34bada71a1d242bcdc88d297b44da6120f12a1fdea812bb6a9828
GET /ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3479"
expires: Wed, 21 Sep 2022 14:33:59 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 20 Sep 2022 14:33:59 GMT
server: fife
content-length: 3252
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
172.217.21.170200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 172.217.21.170:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b1bf78ec01da82453fa6c84d92fd88ef
f07ef3774d6f251ebe0f73193397a3e289a13705
ba3b02e9819beedd1bc2babadcfc29afb4567fe81d23ceabd6b0c9696ef3ffd0
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1246
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 20 Sep 2022 14:33:59 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 652e49f0f16ee4961ca56d263bb2a962
97f122a7d03674a548043e408e50f23298a655d9
9a3333625d7b33bd64afbf14b87945f6db21aa413d567f9768f34da1da078da5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 652e49f0f16ee4961ca56d263bb2a962
97f122a7d03674a548043e408e50f23298a655d9
9a3333625d7b33bd64afbf14b87945f6db21aa413d567f9768f34da1da078da5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s88-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 4.6 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s88-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 88x88, components 3\012- data
Hash 67f4cfc44911f07a859be0503ffab88b
7e763e7cdcd72a7256fe995403280a3a684cd1f1
44c203bb227c5c155a138cf223814b13ec833cb83bb6c4036d44dd2a59ff4418
GET /ytc/AMLnZu_OQULaHtRUyKhscINRe21LULN-G8aWU22cH1oJLA=s88-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3479"
expires: Wed, 21 Sep 2022 14:33:59 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 20 Sep 2022 14:33:59 GMT
server: fife
content-length: 4593
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67801aaa77b0226b24e48c3d2b0055ec
284e0390a9afeed4f556a2e7eac0e75c33b01d6c
b576b0b0307ccf104137b1427b246e30570da6c64a1c8116fe4e765a0562a308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAMBhqBfeuQrz9oLBMuG7zKfsSxE9kP-9a8qINRgddqm8AiAYn3eOImfij5rU9aZNJtjfyPAEAoY9OEmJgctTNXKX4Q%3D%3D&range=0-65918&rn=6&rbuf=0
74.125.8.74200 OK 66 kB URL HTTP/1.1 rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAMBhqBfeuQrz9oLBMuG7zKfsSxE9kP-9a8qINRgddqm8AiAYn3eOImfij5rU9aZNJtjfyPAEAoY9OEmJgctTNXKX4Q%3D%3D&range=0-65918&rn=6&rbuf=0
IP 74.125.8.74:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 710e7483a5ba066c19e15f78146b1b2d
00e20ea2d8220dbb23fd042da9190d9ff95417db
06cdf72410c9c0e18f57adc6351c8447596382e85576aeaba0e1835f7d79006b
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=243&aitags=133%2C134%2C135%2C160%2C242%2C243%2C244%2C278&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=video%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1056165&dur=52.650&lmt=1645015411891000&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6319224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgMpX5XQCV492bUTjnIKHCvP4jgUF43ebHMk47jXpc-yUCICif-8K7jyWnU1qjr7YuiFGKULGHY55QunvJhRgv_OjV&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAMBhqBfeuQrz9oLBMuG7zKfsSxE9kP-9a8qINRgddqm8AiAYn3eOImfij5rU9aZNJtjfyPAEAoY9OEmJgctTNXKX4Q%3D%3D&range=0-65918&rn=6&rbuf=0 HTTP/1.1
Host: rr5---sn-5hneknee.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Wed, 16 Feb 2022 12:43:31 GMT
Content-Type: video/webm
Date: Tue, 20 Sep 2022 14:33:59 GMT
Expires: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 65919
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgEiTCJKdepTbdsJf4PlOxjdr31KKZnZ3lFBB1pVDuSDcCIDHKJ57FG6j6foqogft4y8IFRF091tXHmmGiJVAaaua4&range=0-65893&rn=5&rbuf=0
74.125.8.74200 OK 66 kB URL HTTP/1.1 rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgEiTCJKdepTbdsJf4PlOxjdr31KKZnZ3lFBB1pVDuSDcCIDHKJ57FG6j6foqogft4y8IFRF091tXHmmGiJVAaaua4&range=0-65893&rn=5&rbuf=0
IP 74.125.8.74:0
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 64f5ace65862a0a1becf19929830c332
3669fecd16fb5ba15a029741a8849a78578c6bc2
7077c5f4244eb1f1b51836e836c5efb4815d4d495afdb76e0ba4afb873716bb2
GET /videoplayback?expire=1663706038&ei=Vs8pY_uHH4zV7QSM3bmoDA&ip=91.90.42.154&id=o-ACKgDlEh3lHFtJd8a4rE32niH75Oy0KF3XS3DjGNQN8y&itag=251&source=youtube&requiressl=yes&spc=yR2vp6XHXDJEx_qOalPvi6-vxxA8S70&vprv=1&mime=audio%2Fwebm&ns=AE3-darMtqP_IrYtYBF6cQsI&gir=yes&clen=1094041&dur=52.661&lmt=1645015299464752&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&rbqsm=fr&txp=6318224&n=3muIR32lj20JDQ&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhAPzl1cGEaSGsIalM1GZtMFDjzGvYkHJaNaerkVHDgVQSAiAW4LsuXsp06-6Ls5N6NhNgfpQtWl95V0ZrzyILd5YiRw%3D%3D&alr=yes&cpn=jBLNKcFFHGWdviJa&cver=1.20220918.00.00&cm2rm=sn-capm-vnae7l,sn-5gos77e&redirect_counter=2&cms_redirect=yes&cmsv=e&mh=Pn&mm=34&mn=sn-5hneknee&ms=ltu&mt=1663684382&mv=m&mvi=5&pl=21&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgEiTCJKdepTbdsJf4PlOxjdr31KKZnZ3lFBB1pVDuSDcCIDHKJ57FG6j6foqogft4y8IFRF091tXHmmGiJVAaaua4&range=0-65893&rn=5&rbuf=0 HTTP/1.1
Host: rr5---sn-5hneknee.googlevideo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Wed, 16 Feb 2022 12:41:39 GMT
Content-Type: audio/webm
Date: Tue, 20 Sep 2022 14:33:59 GMT
Expires: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 65894
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 652e49f0f16ee4961ca56d263bb2a962
97f122a7d03674a548043e408e50f23298a655d9
9a3333625d7b33bd64afbf14b87945f6db21aa413d567f9768f34da1da078da5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 14:33:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf62dac-1ffa-4daa-b23e-b3be303c9660.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf62dac-1ffa-4daa-b23e-b3be303c9660.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 29f4a52fb629dce4ef8038d4df7ea58a
4a5b84c77bd53f4c94e1af4a702f6f85b46b51b0
32cee35b22110b83738f49f49edb6efcedb54fe793d5ccc900004e16e3fefda3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf62dac-1ffa-4daa-b23e-b3be303c9660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5827
x-amzn-requestid: 9a4bb6fa-13e5-4271-a5be-c551a570a5d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugoqHKbIAMF9WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e16a-53ccce5d5ab40afc1d0901af;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: KPBiONnlEEPs-Ut0o1SS6KF7nIY586K95dYz2aCqGgq8CxSjN9773A==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:00:28 GMT
age: 59615
etag: "4a5b84c77bd53f4c94e1af4a702f6f85b46b51b0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Barlow%3A400%2C%2C700&display=fallback&ver=3.7.7
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Barlow%3A400%2C%2C700&display=fallback&ver=3.7.7
IP 142.250.74.10:0
GET /css?family=Barlow%3A400%2C%2C700&display=fallback&ver=3.7.7 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 14:33:56 GMT
date: Tue, 20 Sep 2022 14:33:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.14200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.14:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thereclinerrepairkenya.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 20 Sep 2022 14:33:57 GMT
date: Tue, 20 Sep 2022 14:33:57 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=FZNTnM0cYhE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=nHZ2MRL-nb0; Domain=.youtube.com; Expires=Sun, 19-Mar-2023 14:33:57 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+879; expires=Thu, 19-Sep-2024 14:33:57 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2