backupquest.top/kaspi
301 Moved Permanently 162 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /kaspi HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Sep 2022 18:25:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://backupquest.top/kaspi/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZNN%2FlWbEy1cz4OTC1pPkPCq8UvtYoEZXzSAltDNWy8xUwqv%2FG1%2Fp64aOTISRxep2DqkiMi0oPQ1SKgeuDTIi8pbhn0FO3IzlQ%2FPBeWOJEDaex79FmgvTdisgpnIvUSEUpg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7505cd34385d0b51-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15345
Expires: Sun, 25 Sep 2022 22:41:02 GMT
Date: Sun, 25 Sep 2022 18:25:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 18:15:03 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CCwnBA4o0qhXjpmv830-93XxCN-GFCVFkOIO7QGgBddjIjGOCWPU0w==
Age: 614
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6-STtnBtNgrq7Ig-CdBiQWCv562GwpnX83GSmg2zjAeT79VX_DAoSA==
age: 49803
X-Firefox-Spdy: h2
backupquest.top/kaspi/
200 OK 63 B IP
File type HTML document, ASCII text, with no line terminators
Hash bdab75acd4bfe025fba02d1fb4962cde
c9062aa63449a000cbcfa0429ff6a7f92903692d
892190d91438df89aa3ca51006daae9c4c5991d3b52fc3b817665b9d3b8a241e
Analyzer Verdict Alert fortinet Phishing
GET /kaspi/ HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 18:25:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e9EN7K%2F8qbeqClfE8joJx7UzWye6A%2FZaMdebUAG1w9mwrFg5CsTu4m8t4sdgIdbL8fzgx6jAld%2B03QIX1AwySK8jtJIaYfjzRnozQ%2BfQpQg434QrZMbDOk%2BxOU2PlTVQGNM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7505cd35fa090b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 18:25:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
backupquest.top/kaspi/
200 OK 16 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (439), with CRLF line terminators
Hash 062e3cdf05d1f2d9cabdb8724421bdcb
668494d6beb83b28eef37d2b1b1f6f00dc3d10ba
f8c365ced68b09cf53c5eb2fa83d04d82fc9e58f48b5ca0641e11f195b1daf39
Analyzer Verdict Alert fortinet Phishing
GET /kaspi/ HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 18:25:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kT9ZgZlkqiWRbwzVXFZYYhQdIaSX23RgRxRu5W13H415910Jsjy5qhIJu3SwciycurNEwzlQRh95W5%2FKOaPosLFCoOmkBY2ni8m%2BwHTY0aNJVUT7zksaqplLrSoFNpvtiA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7505cd374c730b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
backupquest.top/kaspi/static/sur.css
200 OK 3.8 kB URL HTTP/1.1 backupquest.top/kaspi/static/sur.css
IP
File type ASCII text, with CRLF line terminators
Hash b40c692d3052ce10b3c59ec4d4060085
fb5062d7e3f0204e8f60cbb665dac4102986a9c7
9381b5145c3805f8c222bd5f96b8a42221e998baa92da1db6ee90940b5edfc99
GET /kaspi/static/sur.css HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://backupquest.top/kaspi/
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 18:25:18 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Feb 2022 20:16:56 GMT
Vary: Accept-Encoding
ETag: W/"62193938-398e"
Expires: Mon, 26 Sep 2022 06:25:18 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAcbQTIiTGTJTa9wnOELgzE4j673UemO7lnIiB3%2B%2BhrmdGjQ0dD%2B0w1grBx6tBu70CnYHcoP41%2FwiHFXEOnCrXOXfskmBzWXDD6RTYeYA5%2BFKVTgyhBu2Tsq5W1hr3hFfgg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7505cd381d780b51-OSL
alt-svc: h2=":443"; ma=60
benfly.net/js/responsive.js
200 OK 3.3 kB URL HTTP/1.1 benfly.net/js/responsive.js
IP
ASN #201702 skHosting.eu s.r.o.
Hash c73b78ce175ab6d220bc9d36887cb801
bc235a64616537bd4efb2652c5333f24d764c4d5
d9d88d83a3f02dc448ce1c0abfee8d267bb3409266a34bd79cc28276afde195d
GET /js/responsive.js HTTP/1.1
Host: benfly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://backupquest.top/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Sep 2022 18:25:18 GMT
Content-Type: application/javascript
Content-Length: 3283
Last-Modified: Tue, 20 Sep 2022 17:57:57 GMT
Connection: keep-alive
ETag: "6329ff25-cd3"
Accept-Ranges: bytes
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 37ea040313ea503e3b3f5a643d7d406b
c31d5065384d4c9ca7ff199f2c76020e523030d8
7fb525769198e17f75513a764decb539e15c9de2343f1ed6bb6c3c74bdca60ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7FB525769198E17F75513A764DECB539E15C9DE2343F1ED6BB6C3C74BDCA60BA"
Last-Modified: Sat, 24 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21579
Expires: Mon, 26 Sep 2022 00:24:57 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 37ea040313ea503e3b3f5a643d7d406b
c31d5065384d4c9ca7ff199f2c76020e523030d8
7fb525769198e17f75513a764decb539e15c9de2343f1ed6bb6c3c74bdca60ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7FB525769198E17F75513A764DECB539E15C9DE2343F1ED6BB6C3C74BDCA60BA"
Last-Modified: Sat, 24 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21526
Expires: Mon, 26 Sep 2022 00:24:04 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash f027a38d7fb49bb6dc196176086c4ca2
db7fc9cd444aa8b2bdaed87902c6c6cdf1945946
3698f7925bccdbabfa059ea4898a4b01b786782e5c822181568af2f3e7013838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3698F7925BCCDBABFA059EA4898A4B01B786782E5C822181568AF2F3E7013838"
Last-Modified: Sun, 25 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Mon, 26 Sep 2022 00:24:54 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash 37ea040313ea503e3b3f5a643d7d406b
c31d5065384d4c9ca7ff199f2c76020e523030d8
7fb525769198e17f75513a764decb539e15c9de2343f1ed6bb6c3c74bdca60ba
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "7FB525769198E17F75513A764DECB539E15C9DE2343F1ED6BB6C3C74BDCA60BA"
Last-Modified: Sat, 24 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21503
Expires: Mon, 26 Sep 2022 00:23:41 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash f027a38d7fb49bb6dc196176086c4ca2
db7fc9cd444aa8b2bdaed87902c6c6cdf1945946
3698f7925bccdbabfa059ea4898a4b01b786782e5c822181568af2f3e7013838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3698F7925BCCDBABFA059EA4898A4B01B786782E5C822181568AF2F3E7013838"
Last-Modified: Sun, 25 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21495
Expires: Mon, 26 Sep 2022 00:23:33 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash dde08ad6d0d33c288ad70cce74175fbb
de2d638241098268be6c8fc01b748fde38f1dd96
164fa18665323f6274da69ec244a59054ac277e17c5792a04eb2907758e0e586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5081dc1508d43c1e614957b7a94bab1a
4eecce92d0ed0a867a5c6545238b8ec255aded8b
17aeec36af397aa62a479b610a5dd05987c22cbb58d26d4e79b3e403af5cf9b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash dde08ad6d0d33c288ad70cce74175fbb
de2d638241098268be6c8fc01b748fde38f1dd96
164fa18665323f6274da69ec244a59054ac277e17c5792a04eb2907758e0e586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash dde08ad6d0d33c288ad70cce74175fbb
de2d638241098268be6c8fc01b748fde38f1dd96
164fa18665323f6274da69ec244a59054ac277e17c5792a04eb2907758e0e586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-ZEoj6vDnH68/YR83f1jlIPI/AAAAAAAACuU/Kqtsq2BEidQVeo6Y2sL7EbonvrQVP0O9wCLcBGAsYHQ/s0/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-44.jpg
200 OK 12 kB URL HTTP/2 1.bp.blogspot.com/-ZEoj6vDnH68/YR83f1jlIPI/AAAAAAAACuU/Kqtsq2BEidQVeo6Y2sL7EbonvrQVP0O9wCLcBGAsYHQ/s0/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-44.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 290x300, components 3\012- data
Hash 8804fa691db41ec8c25806c32c765ff2
5c377a594dce22f171211e6ad025177caca214fa
647b1e3785f511769b931ba3c29062a5d4502f37161c1bb706e82467f9965fca
GET /-ZEoj6vDnH68/YR83f1jlIPI/AAAAAAAACuU/Kqtsq2BEidQVeo6Y2sL7EbonvrQVP0O9wCLcBGAsYHQ/s0/%25E6%259C%25AA%25E6%25A0%2587%25E9%25A2%2598-44.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="___-44.jpg";filename*=UTF-8''%E6%9C%AA%E6%A0%87%E9%A2%98-44.jpg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 12491
x-xss-protection: 0
date: Sun, 25 Sep 2022 17:47:34 GMT
expires: Wed, 20 Jul 2022 01:16:59 GMT
cache-control: public, max-age=86400, no-transform
age: 2264
etag: "vafb"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e2b0e2a0e4d31967fbe7264b95784031
208ba2485ed3985956e77f478584b404641adb1e
d0237279812199df65ef10bd82c85399f953af39830f6376627e033c3081e7c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0237279812199DF65EF10BD82C85399F953AF39830F6376627E033C3081E7C7"
Last-Modified: Sun, 25 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18711
Expires: Sun, 25 Sep 2022 23:37:09 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
1.bp.blogspot.com/-JeUUXd97x3M/YAqO3Tit9zI/AAAAAAAAAkA/30Uau3Asv6c0GK8aK2hCwwbrVTVL_mQYgCLcBGAsYHQ/s0/cdx.png
200 OK 404 B URL HTTP/2 1.bp.blogspot.com/-JeUUXd97x3M/YAqO3Tit9zI/AAAAAAAAAkA/30Uau3Asv6c0GK8aK2hCwwbrVTVL_mQYgCLcBGAsYHQ/s0/cdx.png
IP
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 957c4baee13b9d7f31e1ba5131d18320
4a354e2bca8914751654e551d1fbcea4bede071b
f42c523b8880c33c6cb0fe8276ce98a9abced7de968418c45592c02630a926f6
GET /-JeUUXd97x3M/YAqO3Tit9zI/AAAAAAAAAkA/30Uau3Asv6c0GK8aK2hCwwbrVTVL_mQYgCLcBGAsYHQ/s0/cdx.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="cdx.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 404
x-xss-protection: 0
date: Sun, 25 Sep 2022 15:27:26 GMT
expires: Sun, 14 Nov 2021 01:37:25 GMT
cache-control: public, max-age=86400, no-transform
age: 10672
etag: "v241"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 18:04:17 GMT
Expires: Sun, 25 Sep 2022 18:09:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CePtCLb4l5RHlW672hu7NDRrZFyihZeMN_4k9WkMv-Us3AZXyJ9f4Q==
Age: 1261
1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
200 OK 181 kB URL HTTP/2 1.bp.blogspot.com/-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png
IP
File type PNG image data, 497 x 308, 8-bit/color RGBA, non-interlaced\012- data
Size 181 kB (180954 bytes)
Hash fd835c1f326d3e7da0d9839550f66723
5004618bc15011d7d0f569f60f900d076b164b3d
b2286c3ed452ee4eeb15d2044a90cfc456d4789b2fdbe42bb9e023c9da18e4a8
GET /-6OjTtrMq588/YKsjbL-wmoI/AAAAAAAABhs/UuUHtZD40v4QF-PMdm29IuYEYXf1-gCCwCLcBGAsYHQ/s16000/Norway_outbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_outbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 180954
x-xss-protection: 0
date: Sun, 25 Sep 2022 16:38:17 GMT
expires: Wed, 17 Nov 2021 05:57:49 GMT
cache-control: public, max-age=86400, no-transform
age: 6421
etag: "v632"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
200 OK 14 kB URL HTTP/2 1.bp.blogspot.com/-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png
IP
File type PNG image data, 350 x 251, 8-bit colormap, non-interlaced\012- data
Hash ff055162c5d233506eece3fb69a47e74
49812e303ae6674819b6a7a6e0721d555ef64df4
7e46c8bcf219a0d6f0f3d5c5b027ed613678a0c54d637172d6495f428ff80150
GET /-T_4FPQJDXos/YKsjbNLDpRI/AAAAAAAABho/lE-RXu-La9UZUtmJisWFGBB7Gyzc2-M_QCLcBGAsYHQ/s16000/Norway_inbox.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="Norway_inbox.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 13695
x-xss-protection: 0
date: Sun, 25 Sep 2022 16:38:17 GMT
expires: Mon, 22 Nov 2021 12:23:38 GMT
cache-control: public, max-age=86400, no-transform
age: 6421
etag: "v630"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-ECQ3BZLVQS
200 OK 75 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-ECQ3BZLVQS
IP
File type ASCII text, with very long lines (17807)
Hash 5dae926e2cdf83ecb54cb67215077e96
8981e9a458fa129c77443ab3af07dc4ccb2982ad
c0830448f9b6e81c44a816b710ff786a158c91eb3cc4b89d74edeb9c90383c5f
GET /gtag/js?id=G-ECQ3BZLVQS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Sun, 25 Sep 2022 18:25:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74574
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/--AoG0eWSCqo/YgCV5UnS6VI/AAAAAAAAErI/yaR1RC9r0PU2Q6yzIOqRpeLZEQxiczAJgCNcBGAsYHQ/s16000/1644205540070550-1.png
200 OK 20 kB URL HTTP/2 1.bp.blogspot.com/--AoG0eWSCqo/YgCV5UnS6VI/AAAAAAAAErI/yaR1RC9r0PU2Q6yzIOqRpeLZEQxiczAJgCNcBGAsYHQ/s16000/1644205540070550-1.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 150x150, components 3\012- data
Hash d8167af1cfb3fa0b85fcd7b194082507
28e62537621b3806e63b7f90a9d70eb5d5d41605
893d03a5d0fba45d436b333e58a190beb58be7787357c50320adc80a2635fddc
GET /--AoG0eWSCqo/YgCV5UnS6VI/AAAAAAAAErI/yaR1RC9r0PU2Q6yzIOqRpeLZEQxiczAJgCNcBGAsYHQ/s16000/1644205540070550-1.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="1644205540070550-1.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 19605
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Sun, 25 Sep 2022 06:11:49 GMT
cache-control: public, max-age=86400, no-transform
etag: "v12b7"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-Kh_UmES1MaM/YHgCow_lL9I/AAAAAAAABBM/pk1tEVA_Wic2ZJkw557utRV_IwcTMbdAACLcBGAsYHQ/s16000/5.jpg
200 OK 12 kB URL HTTP/2 1.bp.blogspot.com/-Kh_UmES1MaM/YHgCow_lL9I/AAAAAAAABBM/pk1tEVA_Wic2ZJkw557utRV_IwcTMbdAACLcBGAsYHQ/s16000/5.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 200x200, components 3\012- data
Hash fc33936ede6b08c297f29fda3b59ca14
08803d2fa1a3017b14b4061c7815fccf0fa3c6b7
ffaa915dcc260544f0642dce33f40bb9a54ca0f48ecc6c61e125307967741f6a
GET /-Kh_UmES1MaM/YHgCow_lL9I/AAAAAAAABBM/pk1tEVA_Wic2ZJkw557utRV_IwcTMbdAACLcBGAsYHQ/s16000/5.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="5.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 12445
x-xss-protection: 0
date: Sun, 25 Sep 2022 17:47:34 GMT
expires: Sun, 14 Nov 2021 01:43:52 GMT
cache-control: public, max-age=86400, no-transform
age: 2264
etag: "v44c"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-BMKo2R7DDdA/YHgCr8M3hGI/AAAAAAAABCU/4ajZhoKQPTUDWq4N4-CITg0dpP4KeCoAACLcBGAsYHQ/s16000/66.jpg
200 OK 12 kB URL HTTP/2 1.bp.blogspot.com/-BMKo2R7DDdA/YHgCr8M3hGI/AAAAAAAABCU/4ajZhoKQPTUDWq4N4-CITg0dpP4KeCoAACLcBGAsYHQ/s16000/66.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 200x200, components 3\012- data
Hash 2341518e144f8a92c79374170d3d8512
aa95e2c9c48867ff62f300b0467c8179af8711dc
192f7caac8fb73b2d7db477958de65df575a77e4626a2aa4c5864e08573681a2
GET /-BMKo2R7DDdA/YHgCr8M3hGI/AAAAAAAABCU/4ajZhoKQPTUDWq4N4-CITg0dpP4KeCoAACLcBGAsYHQ/s16000/66.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="66.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 11726
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Fri, 11 Feb 2022 18:22:18 GMT
cache-control: public, max-age=86400, no-transform
etag: "v452"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-OCwBDUYVnw0/YHgCs8V1VbI/AAAAAAAABCw/t7VBnYf075gn1ooZhO1p9ctacQCjJkpkgCLcBGAsYHQ/s16000/72.jpg
200 OK 12 kB URL HTTP/2 1.bp.blogspot.com/-OCwBDUYVnw0/YHgCs8V1VbI/AAAAAAAABCw/t7VBnYf075gn1ooZhO1p9ctacQCjJkpkgCLcBGAsYHQ/s16000/72.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 200x200, components 3\012- data
Hash e986a3c1e47c70519a1ffce8ce37db93
d13a8c7943fd5523a78b13e47b2002c0f47615c6
66cdb11e0fda4d501f58996c888c559a0c930999917f21cdb3d5267eb5084c12
GET /-OCwBDUYVnw0/YHgCs8V1VbI/AAAAAAAABCw/t7VBnYf075gn1ooZhO1p9ctacQCjJkpkgCLcBGAsYHQ/s16000/72.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="72.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 12396
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Fri, 23 Sep 2022 05:26:52 GMT
cache-control: public, max-age=86400, no-transform
etag: "v452"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-Giid1Qcwd1Y/YgCV3doxlYI/AAAAAAAAEq8/Qa8RlelUVyEWeyIwpuIpI_Os4k-D7VVXQCNcBGAsYHQ/s16000/1644205531717885-4.png
200 OK 26 kB URL HTTP/2 1.bp.blogspot.com/-Giid1Qcwd1Y/YgCV3doxlYI/AAAAAAAAEq8/Qa8RlelUVyEWeyIwpuIpI_Os4k-D7VVXQCNcBGAsYHQ/s16000/1644205531717885-4.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 150x150, components 3\012- data
Hash 590e09b38cfef2f8b7176e278d89b9a7
f065f94068bcb0422c7997dfd3e9d3f2c845d55a
72d8fe4bcd8a5a427e6bd1bd146b5c27b0ae325ee01eca3db857feeb7b0b78d3
GET /-Giid1Qcwd1Y/YgCV3doxlYI/AAAAAAAAEq8/Qa8RlelUVyEWeyIwpuIpI_Os4k-D7VVXQCNcBGAsYHQ/s16000/1644205531717885-4.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="1644205531717885-4.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 25786
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Fri, 23 Sep 2022 08:15:08 GMT
cache-control: public, max-age=86400, no-transform
etag: "v12b5"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-TPd74mmZuYY/YgCV4todeDI/AAAAAAAAErE/HJ8HR-0ymukw1GyqjY_7zaMMac7YmIu-wCNcBGAsYHQ/s16000/1644205537411479-2.png
200 OK 23 kB URL HTTP/2 1.bp.blogspot.com/-TPd74mmZuYY/YgCV4todeDI/AAAAAAAAErE/HJ8HR-0ymukw1GyqjY_7zaMMac7YmIu-wCNcBGAsYHQ/s16000/1644205537411479-2.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 150x151, components 3\012- data
Hash dfc1f9a0fc43e889f6ddd10facb1c6b2
d8ee278a61c74cb6b28ab7267a2e52adc0eba131
d8c608caa9a55a9bdc96ebbfc787df970638ce47d36c2e45da1b646d411e74a1
GET /-TPd74mmZuYY/YgCV4todeDI/AAAAAAAAErE/HJ8HR-0ymukw1GyqjY_7zaMMac7YmIu-wCNcBGAsYHQ/s16000/1644205537411479-2.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="1644205537411479-2.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 23378
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Fri, 23 Sep 2022 08:15:08 GMT
cache-control: public, max-age=86400, no-transform
etag: "v12b6"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-GX6a85RJ3bc/YHgCxAtaJoI/AAAAAAAABEU/v0C8BwYyTe4XU95OKsp9xgzbUlb1UKrnwCLcBGAsYHQ/s16000/94.jpg
200 OK 12 kB URL HTTP/2 1.bp.blogspot.com/-GX6a85RJ3bc/YHgCxAtaJoI/AAAAAAAABEU/v0C8BwYyTe4XU95OKsp9xgzbUlb1UKrnwCLcBGAsYHQ/s16000/94.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 200x199, components 3\012- data
Hash 122d3fb9f6a578875dd10bcf7e3a8c33
1351bee5e612853103b4cbbf464024f0803826a9
64a09fe654a9665567bb9a56a03fa1e274e6e35b960fb9e65218e30c246b1a92
GET /-GX6a85RJ3bc/YHgCxAtaJoI/AAAAAAAABEU/v0C8BwYyTe4XU95OKsp9xgzbUlb1UKrnwCLcBGAsYHQ/s16000/94.jpg HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="94.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 12065
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:18 GMT
expires: Tue, 08 Mar 2022 08:51:58 GMT
cache-control: public, max-age=86400, no-transform
etag: "v450"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 5081dc1508d43c1e614957b7a94bab1a
4eecce92d0ed0a867a5c6545238b8ec255aded8b
17aeec36af397aa62a479b610a5dd05987c22cbb58d26d4e79b3e403af5cf9b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 607
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 18:25:18 GMT
Last-Modified: Sun, 25 Sep 2022 18:15:11 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
1.bp.blogspot.com/-GLfrQgx7GZQ/YgCV6LOxNkI/AAAAAAAAErM/ekZ9XtX_ZicE5rHaTZxMD9D0TSvg8wziACNcBGAsYHQ/s16000/1644205542921793-0.png
200 OK 19 kB URL HTTP/2 1.bp.blogspot.com/-GLfrQgx7GZQ/YgCV6LOxNkI/AAAAAAAAErM/ekZ9XtX_ZicE5rHaTZxMD9D0TSvg8wziACNcBGAsYHQ/s16000/1644205542921793-0.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 150x151, components 3\012- data
Hash d36288da198cb56fe87c4fdb0babf128
c0855d620731a3a1b244aaf7b8346890920bb3e4
22ab13f26753d52b59f63515ae9adf01561c6aa2ad2667b66fff5b82881527de
GET /-GLfrQgx7GZQ/YgCV6LOxNkI/AAAAAAAAErM/ekZ9XtX_ZicE5rHaTZxMD9D0TSvg8wziACNcBGAsYHQ/s16000/1644205542921793-0.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12b8"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644205542921793-0.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 18656
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-gbwRVVD7diU/YgIZoE_o2mI/AAAAAAAAEvk/6gOzmqRZ95UiRzjimdnTB-cwz2Li94LBgCNcBGAsYHQ/s16000/1644304799260782-3.png
200 OK 1.9 kB URL HTTP/2 1.bp.blogspot.com/-gbwRVVD7diU/YgIZoE_o2mI/AAAAAAAAEvk/6gOzmqRZ95UiRzjimdnTB-cwz2Li94LBgCNcBGAsYHQ/s16000/1644304799260782-3.png
IP
File type PNG image data, 350 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash 0570163a34e9d6ccdef684cee7c4e1e2
d58a40db2d1302bc6b9bd6c68e1d4450007bb996
d5aa220d54f54933c7b353974ab37dea02c3d7edafdc1e01faac02d596d872bf
GET /-gbwRVVD7diU/YgIZoE_o2mI/AAAAAAAAEvk/6gOzmqRZ95UiRzjimdnTB-cwz2Li94LBgCNcBGAsYHQ/s16000/1644304799260782-3.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12fe"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304799260782-3.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 1942
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash f027a38d7fb49bb6dc196176086c4ca2
db7fc9cd444aa8b2bdaed87902c6c6cdf1945946
3698f7925bccdbabfa059ea4898a4b01b786782e5c822181568af2f3e7013838
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3698F7925BCCDBABFA059EA4898A4B01B786782E5C822181568AF2F3E7013838"
Last-Modified: Sun, 25 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21495
Expires: Mon, 26 Sep 2022 00:23:33 GMT
Date: Sun, 25 Sep 2022 18:25:18 GMT
Connection: keep-alive
1.bp.blogspot.com/-k1WL1RJT65k/YgIZpahE9JI/AAAAAAAAEvs/SMhWVm22PfotaLZF4-Enz3UrZdCd7HKrwCNcBGAsYHQ/s16000/1644304804804359-1.png
200 OK 31 kB URL HTTP/2 1.bp.blogspot.com/-k1WL1RJT65k/YgIZpahE9JI/AAAAAAAAEvs/SMhWVm22PfotaLZF4-Enz3UrZdCd7HKrwCNcBGAsYHQ/s16000/1644304804804359-1.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 432x147, components 3\012- data
Hash 1d11cb67409b9712378ab434567c36a2
e4acfe1661363d0afd05a76ffb519509e43e1579
9829c59e71138c6e16c4430b43e6b3b342ba7d605169dae983ef1f83f0b203ba
GET /-k1WL1RJT65k/YgIZpahE9JI/AAAAAAAAEvs/SMhWVm22PfotaLZF4-Enz3UrZdCd7HKrwCNcBGAsYHQ/s16000/1644304804804359-1.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1300"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304804804359-1.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 30558
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-jv16wVPFdoo/YgIZqOjoFWI/AAAAAAAAEvw/29M7OV-Crs83Mb-UOUR7SMUe4Kn60oEvQCNcBGAsYHQ/s16000/1644304807516156-0.png
200 OK 6.2 kB URL HTTP/2 1.bp.blogspot.com/-jv16wVPFdoo/YgIZqOjoFWI/AAAAAAAAEvw/29M7OV-Crs83Mb-UOUR7SMUe4Kn60oEvQCNcBGAsYHQ/s16000/1644304807516156-0.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 130x105, components 3\012- data
Hash e1e21bf6381e1a250526fe6474b88542
28a7a19245603786d95a30424290fba242f5c564
6aa8ca701c8f1c455fc9f51578f2b4781eb04743012024008f2aeca0f9a7ac2e
GET /-jv16wVPFdoo/YgIZqOjoFWI/AAAAAAAAEvw/29M7OV-Crs83Mb-UOUR7SMUe4Kn60oEvQCNcBGAsYHQ/s16000/1644304807516156-0.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1301"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304807516156-0.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 6230
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-hVLBsZdPCZs/YgIZnc5LckI/AAAAAAAAEvg/amQUxRF_BFI0w5hujUZALnsg5mUuNYTswCNcBGAsYHQ/s16000/1644304796277915-4.png
200 OK 11 kB URL HTTP/2 1.bp.blogspot.com/-hVLBsZdPCZs/YgIZnc5LckI/AAAAAAAAEvg/amQUxRF_BFI0w5hujUZALnsg5mUuNYTswCNcBGAsYHQ/s16000/1644304796277915-4.png
IP
File type PNG image data, 350 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e69454389aad8bb14cf9b7d16ec9fbd
5ebb853c1e583d953d1261e3d9437bb676cda346
71deb7c40ac343eb457f14a6e45e6e073e860218ba5bc41c4796de30d234a61b
GET /-hVLBsZdPCZs/YgIZnc5LckI/AAAAAAAAEvg/amQUxRF_BFI0w5hujUZALnsg5mUuNYTswCNcBGAsYHQ/s16000/1644304796277915-4.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12fd"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304796277915-4.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 10914
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/--R25nG5PRDs/YgIZmgR-31I/AAAAAAAAEvc/wYdF2EkrECEhYqR4zydJhT1IqE7fvnQrQCNcBGAsYHQ/s16000/1644304793235087-5.png
200 OK 6.2 kB URL HTTP/2 1.bp.blogspot.com/--R25nG5PRDs/YgIZmgR-31I/AAAAAAAAEvc/wYdF2EkrECEhYqR4zydJhT1IqE7fvnQrQCNcBGAsYHQ/s16000/1644304793235087-5.png
IP
File type PNG image data, 350 x 251, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c4f899b73ca68ab437f865b80db2b33
2a8f7b062cf2349ba44f95aebf243e0bf406fb8a
07b171389b5765bb3bcde68017f0f6c840ded5de4484febd0f0e7c0c88b29731
GET /--R25nG5PRDs/YgIZmgR-31I/AAAAAAAAEvc/wYdF2EkrECEhYqR4zydJhT1IqE7fvnQrQCNcBGAsYHQ/s16000/1644304793235087-5.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12ff"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304793235087-5.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 6215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KLEvoCvpFED3jyzfPudsjw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sLJLFjepOWI+h7kFzxFwNRmm5lc=
1.bp.blogspot.com/-5NGBmW7KW_o/YgIZlzZ4nrI/AAAAAAAAEvY/BBFV9l2QXn8bHzPx5EROx3-4Q6Cksx0TACNcBGAsYHQ/s16000/1644304790275271-6.png
200 OK 184 kB URL HTTP/2 1.bp.blogspot.com/-5NGBmW7KW_o/YgIZlzZ4nrI/AAAAAAAAEvY/BBFV9l2QXn8bHzPx5EROx3-4Q6Cksx0TACNcBGAsYHQ/s16000/1644304790275271-6.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 600x400, components 3\012- data
Size 184 kB (184283 bytes)
Hash 7a7939ecfa44bd283647e6031234e1b1
f7c57f1863df29466acf21b0773f28064b4f2682
2a87c65b50584ab151312f8c310572f6098ab2769733296e36b6c10c16e1292f
GET /-5NGBmW7KW_o/YgIZlzZ4nrI/AAAAAAAAEvY/BBFV9l2QXn8bHzPx5EROx3-4Q6Cksx0TACNcBGAsYHQ/s16000/1644304790275271-6.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v12fd"
expires: Mon, 26 Sep 2022 18:25:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1644304790275271-6.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sun, 25 Sep 2022 18:25:18 GMT
server: fife
content-length: 184283
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1.bp.blogspot.com/-y5WpwRtx26w/YgCV3_1C0lI/AAAAAAAAErA/nJYh99QtmNQzWWD0yxX4PK-HP4xqgAFwwCNcBGAsYHQ/s16000/1644205534737924-3.png
200 OK 27 kB URL HTTP/2 1.bp.blogspot.com/-y5WpwRtx26w/YgCV3_1C0lI/AAAAAAAAErA/nJYh99QtmNQzWWD0yxX4PK-HP4xqgAFwwCNcBGAsYHQ/s16000/1644205534737924-3.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, orientation=upper-left, software=Google], baseline, precision 8, 150x150, components 3\012- data
Hash edc23094ba3f3fadf2621fb63377750e
3cee7aa0e34cc72334c11ebafef2f235d31d60a9
4de491d8171df540ef69d46d988536e5afdfce24423f49a607f161ea68cde9ac
GET /-y5WpwRtx26w/YgCV3_1C0lI/AAAAAAAAErA/nJYh99QtmNQzWWD0yxX4PK-HP4xqgAFwwCNcBGAsYHQ/s16000/1644205534737924-3.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="1644205534737924-3.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 26999
x-xss-protection: 0
date: Sun, 25 Sep 2022 18:25:19 GMT
expires: Sun, 25 Sep 2022 06:11:50 GMT
cache-control: public, max-age=86400, no-transform
etag: "v12b8"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
backupquest.top/kaspi/yuming.js?1664130317653&_=1664130317612
200 OK 194 B URL HTTP/1.1 backupquest.top/kaspi/yuming.js?1664130317653&_=1664130317612
IP
Hash ac8e42ccc679acc33523a4c49ef878a2
b16956fda0e7673ce42c4a580999b17c773bbb4a
1dd0f0711a5f7984395f4d84ab4cbea9ec0cebd94018c7c1fff7dfa523efd6a1
GET /kaspi/yuming.js?1664130317653&_=1664130317612 HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://backupquest.top/kaspi/
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 18:25:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 25 Feb 2022 20:16:56 GMT
ETag: W/"62193938-10c"
Expires: Mon, 26 Sep 2022 06:25:19 GMT
Cache-Control: max-age=43200
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMPUTC8xRaQmTB9Rsfa2d4zyaoxJT54EzfX02%2B1It%2BqAMyuEyea8pknOKHTQCod5J%2FHnRKGJ8BUI6OgfeE13tHH8RxqzwTIPP47M2QittAgXKjIs2xc9cPfkmaqdau7pcOw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7505cd3eed330b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
backupquest.top/kaspi/static/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2.html
404 Not Found 146 B URL HTTP/1.1 backupquest.top/kaspi/static/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2.html
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /kaspi/static/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2.html HTTP/1.1
Host: backupquest.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://backupquest.top/kaspi/static/sur.css
HTTP/1.1 404 Not Found
Date: Sun, 25 Sep 2022 18:25:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eluT1%2Bgq1lgmcuYtDfoBjX3o4E%2Fay3F4rY9FS2ubEUqeAI4AYtjTBUvq1LZf5UfggXyxXBlSCN5pcoyqjMWRh78Azgut8UuxCRSr%2F9w0B8HWpBM%2Bt0TpRsZ1aoirrtHgfnY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7505cd3f0eaafac0-OSL
alt-svc: h2=":443"; ma=60
uprimp.com/bnr_xload.php?section=General&pub=995577&format=300x50&ga=g&xt=166413031837318&xtt=4537150
200 OK 103 B URL HTTP/2 uprimp.com/bnr_xload.php?section=General&pub=995577&format=300x50&ga=g&xt=166413031837318&xtt=4537150
IP
ASN #201702 skHosting.eu s.r.o.
File type gzip compressed data, from Unix\012- data
Hash 4e59f48081d871bfecb06832bfcb9aef
4be99b715e4c3f9f4e13c89d6dbce58901cf7128
8690df2a1a50352e71cf07e88bad444613e83b2cde8d36561d4cfe4cfed09787
GET /bnr_xload.php?section=General&pub=995577&format=300x50&ga=g&xt=166413031837318&xtt=4537150 HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 18:25:19 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 25 Sep 2022 18:25:19 GMT
last-modified: Sun, 25 Sep 2022 18:25:19 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 46b3278be063863bd7c885b28b753662
64dd1b7d3e45e1bf8b14533ad949ac0d285f7349
219c25d35f0fbfb66ea4a3732973f27b80a4b0b32f4b9463ebdd4b7e877fb9dd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 18:25:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Thu, 29 Sep 2022 16:06:37 GMT
ETag: "64dd1b7d3e45e1bf8b14533ad949ac0d285f7349"
Last-Modified: Sun, 25 Sep 2022 16:06:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 330
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7505cd430b7f1c06-OSL
js.goodgoodstudy.biz/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
200 OK 21 kB URL HTTP/2 js.goodgoodstudy.biz/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js
IP
File type ASCII text, with very long lines (48058), with CRLF line terminators
Hash ee5c9165ad2636800ec33d2eeed3d411
4cbaad9a1b89031965a38b47f1734226a689d65a
ba86aa3095db62ae53dcdd036b2f7c125ef9a26ee0fc41d4defcbe6d7395b731
GET /npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:19 GMT
content-type: application/javascript
last-modified: Wed, 14 Apr 2021 02:43:30 GMT
vary: Accept-Encoding
etag: W/"607656d2-11c3d"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zirWkTTmh2%2FOWET7hySHhT%2FEdaG%2BwU2rMzoYaL4pM2PNhp3YQGiF7lzYoLvaaQRMVxCaH5k7xhjQYgFIIAupVM2ObM4FrPLVpbxUs92BxSKta2n92KTfDldfklqG%2BGum6aDHLbDpLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39bd95b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-ECQ3BZLVQS>m=2oe9l0&_p=1601297113&cid=1976395155.1664130318&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664130317&sct=1&seg=0&dl=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F&dt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-ECQ3BZLVQS>m=2oe9l0&_p=1601297113&cid=1976395155.1664130318&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664130317&sct=1&seg=0&dl=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F&dt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-ECQ3BZLVQS>m=2oe9l0&_p=1601297113&cid=1976395155.1664130318&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664130317&sct=1&seg=0&dl=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F&dt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://backupquest.top
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://backupquest.top
date: Sun, 25 Sep 2022 18:25:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7631
Expires: Sun, 25 Sep 2022 20:32:31 GMT
Date: Sun, 25 Sep 2022 18:25:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7631
Expires: Sun, 25 Sep 2022 20:32:31 GMT
Date: Sun, 25 Sep 2022 18:25:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7631
Expires: Sun, 25 Sep 2022 20:32:31 GMT
Date: Sun, 25 Sep 2022 18:25:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7631
Expires: Sun, 25 Sep 2022 20:32:31 GMT
Date: Sun, 25 Sep 2022 18:25:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5CzA52-o7GYViSJ4lna7ptv9dycJCUL-NLWOk-iCW-ZxDU_FQH_OoQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:51:18 GMT
age: 74042
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d59e1bbd58ff8c5fe5faecb58149601
ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd
c16a2adaeaabbe45801ab5d12ceaeab587b525b4959933f53a9c8dcdb12aec68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7757
x-amzn-requestid: 3092c81c-f703-403a-b718-e18f035f9464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJQFUWIAMF7Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-565f665c7e34294079703141;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hc0cpj1kMbAQqcM0ooSgEdS8nPP0m4FJD1bHdY7jN2OENNsJF_gluA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 08:16:33 GMT
age: 36527
etag: "ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
age: 74894
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.goodgoodstudy.biz/npm/lazyload@2.0.0-rc.2/lazyload.min.js
200 OK 8.2 kB URL HTTP/2 js.goodgoodstudy.biz/npm/lazyload@2.0.0-rc.2/lazyload.min.js
IP
File type ASCII text, with very long lines (4720), with CRLF line terminators
Hash 52b31b82c4d048ff0e84e5f1d3172aa4
b4cb42f42f4ffacb0218152027a263d93c7dd064
0a3c597f3f6c1b64a62a061b08ec98ffed4473623facbc6619c20b5ca3784fbd
GET /npm/lazyload@2.0.0-rc.2/lazyload.min.js HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:18 GMT
content-type: application/javascript
last-modified: Tue, 27 Jul 2021 04:19:04 GMT
vary: Accept-Encoding
etag: W/"60ff8938-12be"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UK3hLT9JqRXhARBpu%2BEYZkZq8v0iW7sIKakcIbEcJzS1g4a9HzBBX9FtDMa%2BMQxhqa7A4iT4VTkRUbjUf%2F%2B3tdPb6uU5I48IOpRyqwgFKR4QbyxBjIX0qDIcVWX7t8VXXG1zTuopoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39ddc7b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
200 OK 28 kB URL HTTP/2 js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js
IP
File type ASCII text, with very long lines (63188), with CRLF line terminators
Hash 10e528714f58957b4611d55eed52e347
64ed346c9eccbb8181f53d22ca670d946c56c2ad
0a52ba37f0534a965bd6f28ce39809382e128310c2db53c651f45b6b035269da
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.min.js HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:19 GMT
content-type: application/javascript
last-modified: Wed, 14 Apr 2021 02:49:20 GMT
vary: Accept-Encoding
etag: W/"60765830-f7f1"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFi1ogeh35TPhi0dh9JlCaIMZEa%2B50jYnogrgQy6AlDgl%2BVqbH4O0Ojz5%2FqnDjF2RwqP34bcNwpAHvSZ5SHN7LpeFfe2uoRWG3kTE0N6oNqXjN71iAj4de3dNzvIinmRxfzYDuzRDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39bd9eb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7631
Expires: Sun, 25 Sep 2022 20:32:31 GMT
Date: Sun, 25 Sep 2022 18:25:20 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F742ed98b-b8fa-4199-984b-51f661ac6e89.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F742ed98b-b8fa-4199-984b-51f661ac6e89.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3f93f322ecd0244e7ee4169b200b50df
8db9c71402f2c8ceee047c56ca1a5e41c74f5cf3
2bb739a60a4581e554fb308be7df8b3d7f47e95051e5ef5e0d1d9ed0a0443b68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F742ed98b-b8fa-4199-984b-51f661ac6e89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4829
x-amzn-requestid: c283df3f-4198-47dd-9b24-634c425bccd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2aA_HgFoAMF_tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c0a06-3881d661368a03ae48227b37;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:08:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3zDl5u8ndYwMQ2-4aH1sRDit8p-G3OK9bvGNj1hOab9dWo5389KPGg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 08:15:05 GMT
age: 36615
etag: "8db9c71402f2c8ceee047c56ca1a5e41c74f5cf3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?516cf1e28e72a8bbbc97f59281d9ee28
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?516cf1e28e72a8bbbc97f59281d9ee28
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (667)
Hash ef36288626aa8f049ac95eebc48e773a
345bb581b83e6897bf0b6c31d17e3542c330f747
54946f38776e65dd3d5c6ab20d01b9c4f9ee44b35a514d5112c0b3d7032b5d36
GET /hm.js?516cf1e28e72a8bbbc97f59281d9ee28 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11380
Content-Type: application/javascript
Date: Sun, 25 Sep 2022 18:25:20 GMT
Etag: 59e3754ea2b0f4f1d4781cb57e955d66
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=4F78C68EC9F729F3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.js?fe2131a30a7eef80970fad70159cd124
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?fe2131a30a7eef80970fad70159cd124
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (694)
Hash f9f0d59a6582cc88ae330c9a3f323b46
63ec06b4a5941aee0b16add468c8b9bf36453859
3071a15d8dd9b6429c244452512be9b453b9e14c48113e76ac2e48e7da57f0ca
GET /hm.js?fe2131a30a7eef80970fad70159cd124 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11407
Content-Type: application/javascript
Date: Sun, 25 Sep 2022 18:25:20 GMT
Etag: a4a31d39610b1b77050b7ecd38187e96
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B1AD457705F71AF1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=447197014&si=516cf1e28e72a8bbbc97f59281d9ee28&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=447197014&si=516cf1e28e72a8bbbc97f59281d9ee28&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=447197014&si=516cf1e28e72a8bbbc97f59281d9ee28&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Sep 2022 18:25:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=04B0DCFFD23A5ED1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=491417794&si=fe2131a30a7eef80970fad70159cd124&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=491417794&si=fe2131a30a7eef80970fad70159cd124&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=491417794&si=fe2131a30a7eef80970fad70159cd124&v=1.2.97&lv=1&sn=65&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fbackupquest.top%2Fkaspi%2F%231664130318155&tt=%F0%9F%8E%89%E2%9D%A4%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8FKaspi%20Women%27s%20Day%20Gifts!Kaspi%20Women%27s%20Day%20Gifts!%F0%9F%8F%A6%F0%9F%9B%8D%EF%B8%8F%E2%9D%A4%F0%9F%8E%8A HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sun, 25 Sep 2022 18:25:21 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=C2C2C5215959B392; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
benfly.net/c39aadb942/da1c750f07/?placementName=default&randomA=0_1064&maxw=0
200 OK 341 B URL HTTP/1.1 benfly.net/c39aadb942/da1c750f07/?placementName=default&randomA=0_1064&maxw=0
IP
ASN #201702 skHosting.eu s.r.o.
File type HTML document, ASCII text, with very long lines (412), with no line terminators
Hash 93e092722c121cfc824720afc8884270
4bd9a6f083a4734c4ba00ab75c028da85b51e444
92baaad3267495ea3e42db336d304cf9014ea1260caedbf3b657f9fca0f7d53b
GET /c39aadb942/da1c750f07/?placementName=default&randomA=0_1064&maxw=0 HTTP/1.1
Host: benfly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://backupquest.top/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Sep 2022 18:25:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: shown1=0; expires=Mon, 26-Sep-2022 18:25:21 GMT; Max-Age=86400; secure; SameSite=None
used_ad2725887=1; expires=Mon, 26-Sep-2022 03:59:59 GMT; Max-Age=34478; path=/; secure; SameSite=None
total_impressions=1; expires=Mon, 26-Sep-2022 03:59:59 GMT; Max-Age=34478; secure; SameSite=None
used_c_57381=1; expires=Mon, 26-Sep-2022 18:25:21 GMT; Max-Age=86400; path=/; secure; SameSite=None
Expires: Sun, 01 Jan 2014 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Robots-Tag: noindex,nofollow
Access-Control-Allow-Origin: *
Content-Encoding: gzip
aff-a.advertica-cdn.com/generic/8385_43002EN-DW21-300X50.gif
200 OK 7.2 kB URL HTTP/1.1 aff-a.advertica-cdn.com/generic/8385_43002EN-DW21-300X50.gif
IP
ASN #201702 skHosting.eu s.r.o.
File type GIF image data, version 89a, 300 x 50\012- data
Hash e5b945e62fb7a3bdbf6ff3828d7083de
a744d3f4f1be7bcab948023bf60b226d1fa00052
e9f879f35a88cfab58a6468b355b402459ea599467477ac053c638949d27d6bc
GET /generic/8385_43002EN-DW21-300X50.gif HTTP/1.1
Host: aff-a.advertica-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://benfly.net/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 25 Sep 2022 18:25:21 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 28 Dec 2020 14:27:49 GMT
Vary: Accept-Encoding
ETag: W/"5fe9eb65-1d15"
Expires: Tue, 25 Oct 2022 18:25:21 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
X-Cache: HIT
X-Server: cdnbts
Content-Encoding: gzip
uprimp.com/bnr.php?section=General&pub=995577&format=300x50&ga=g
200 OK 0 B URL HTTP/2 uprimp.com/bnr.php?section=General&pub=995577&format=300x50&ga=g
IP
ASN #201702 skHosting.eu s.r.o.
GET /bnr.php?section=General&pub=995577&format=300x50&ga=g HTTP/1.1
Host: uprimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 18:25:18 GMT
content-type: application/javascript
expires: Sun, 25 Sep 2022 18:25:18 GMT
last-modified: Sun, 25 Sep 2022 18:25:18 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
X-Firefox-Spdy: h2
js.goodgoodstudy.biz/npm/popper.js@1.16.1/dist/umd/popper.min.js
200 OK 0 B URL HTTP/2 js.goodgoodstudy.biz/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:18 GMT
content-type: application/javascript
last-modified: Fri, 16 Apr 2021 01:43:03 GMT
vary: Accept-Encoding
etag: W/"6078eba7-52f4"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOludbPbkSWSHaEE7DDA6Wdm4xPa7v4WhHoD5249C8hVy7N41kPeoXGDonnT1TjjzX%2B9AWpLcakBtCajVH7SRsPF%2FTq2Yn%2FTF1apWzi7mo9n3AmRoXm7bGhohjzU3RXMTlhuwReXew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39ddd3b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/jquery.min.js
200 OK 0 B URL HTTP/2 js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/jquery.min.js
IP
GET /npm/jquery@3.6.0/dist/jquery.min.js HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:19 GMT
content-type: application/javascript
last-modified: Wed, 14 Apr 2021 06:26:22 GMT
vary: Accept-Encoding
etag: W/"60768b0e-15d9d"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnTVXnjxslo%2BbkGc7w5jcAXKTtjIkNPzArV7KTFQNAwCpcjF8QY3gO10zYabTnCP5HPPkC8ZOFRO%2BrCaCn7nK3Fw7xQQblZNxaue29amTDfB1ry94sShqCyv3gExHq40WmVOwIDbcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39ddddb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
200 OK 0 B URL HTTP/2 js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: js.goodgoodstudy.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://backupquest.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 18:25:19 GMT
content-type: text/css
last-modified: Wed, 14 Apr 2021 02:50:45 GMT
vary: Accept-Encoding
etag: W/"60765885-27687"
expires: Mon, 26 Sep 2022 06:25:18 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oi2SrO8r2C6%2BD8VVNFAV%2BUyTK2m5oUAwuXkAmXUYUC4j8GSs4k%2F1GqESSbWU9lac8WSVpRKhxo%2FpnuJUOhIZ6G1vto73GTV4lxiJeBjnTxy4MJQ0ZEdIFVORbnWZR8DoxT7Iox4Jzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7505cd39cdb9b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.177.17
104.18.21.226
185.66.200.127
23.36.76.226
93.184.220.29
103.235.46.191