firefox.settings.services.mozilla.com/v1/
54.230.111.65200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -1JDGPCRVQRaZS5b1qk3qJLOwdThPNXjaLpxjhHXYD4tgm4J4VsgoQ==
Age: 61143
culoscolegiales.blogspot.ae/
142.250.74.161302 Moved Temporarily 182 B URL HTTP/1.1 culoscolegiales.blogspot.ae/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ba86080777621a09e19345ae0657a619
6365b74d454b822f518e075b647a28ac6a1fa78c
c553cc97c5a16ab3e5a9f95e91a94b8ee3ea590419cae83ceda54973e5f0e4dd
GET / HTTP/1.1
Host: culoscolegiales.blogspot.ae
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Location: http://culoscolegiales.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 06 Oct 2022 08:46:21 GMT
Expires: Thu, 06 Oct 2022 08:46:21 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eabb7d9ffae717f7305d63c057755470
3b7f0baccfdbb8d9ffefa4a2215d4d6094be454a
ab48f17e54075e1ecf034278e82bcacd2e3689773186cc84fba9b79aac907294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2385
Expires: Thu, 06 Oct 2022 09:26:06 GMT
Date: Thu, 06 Oct 2022 08:46:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2331
Expires: Thu, 06 Oct 2022 09:25:12 GMT
Date: Thu, 06 Oct 2022 08:46:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: USZ0zjfb2ttTYGyBSQHUH6NbWlUiMtfR6T9+HY7yy2CvHtBx4BohIenycy6hVvTu24WKQPZHiLQ=
x-amz-request-id: HQXWDTGN30JHENZP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 08:30:42 GMT
age: 939
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
culoscolegiales.blogspot.com/
142.250.74.161301 Moved Permanently 182 B URL HTTP/1.1 culoscolegiales.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 1e61deebc6777cc7ee9036eabf610baa
69b701f88e71b3ed86b3e3b77bf65afb19863d3e
7bffe114da3afb631758b46875535a559c4c1b063a135f9394a0d2206d35590c
GET / HTTP/1.1
Host: culoscolegiales.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://culoscolegiales.blogspot.com/
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Thu, 06 Oct 2022 08:46:21 GMT
Expires: Thu, 06 Oct 2022 08:46:21 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 36b1ec1ebfdbe3367fc1fde546d47281
a12333d6fdf5f29a25fcac13b21e4a4f45ca5ba6
c95cde94d5b12b299aecb89ed8b9a8ad30e46e4704a30ab8329742a396e00090
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.65:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 08:29:41 GMT
Expires: Thu, 06 Oct 2022 09:00:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: F9DzFoK85AgjGvNmrVrBjanbKjeaoSTe_HPAm7JWzJbg3QsX05eP8A==
Age: 1000
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5033
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Last-Modified: Thu, 06 Oct 2022 07:22:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 36b1ec1ebfdbe3367fc1fde546d47281
a12333d6fdf5f29a25fcac13b21e4a4f45ca5ba6
c95cde94d5b12b299aecb89ed8b9a8ad30e46e4704a30ab8329742a396e00090
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
culoscolegiales.blogspot.com/
142.250.74.161200 OK 26 kB URL HTTP/2 culoscolegiales.blogspot.com/
IP 142.250.74.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1573)
Hash 0700e61740f9aeeb7b999f917e488e7e
9a21921950dbbf62cafce9ad388381b02de3b1d0
2da453d4c6075c94b11f5709c101eaeb19a33f84f7f0e342948002f9557d9d1a
GET / HTTP/1.1
Host: culoscolegiales.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Thu, 06 Oct 2022 08:46:21 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
cache-control: private, max-age=0
last-modified: Thu, 06 Oct 2022 05:49:07 GMT
etag: W/"e1db82d7405c220e5d164f425213f874b0d50c7a9d7e8b04b9909d77c4ea27cb"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 25937
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 29305d430d4a98929d99f493c8fa0e09
37e64cc35bce4869f3573c565fdd177dc4e128c0
0557db8eed6f9f794247c44d8b7a8cd99caf6716cc48932ce3b3c1d907493869
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
216.58.207.201200 OK 7.8 kB URL HTTP/2 www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
IP 216.58.207.201:0
File type ASCII text, with very long lines (35959)
Hash 5aa2d3297bdc86bc81322aedecbb5e79
1c0a3c007e41726e167e79b70ddea76198650884
feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 16:35:40 GMT
expires: Thu, 05 Oct 2023 16:35:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 18:55:46 GMT
content-type: text/css
age: 58242
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 047374e90c9a1e02eb7294c0a9a316a2
3d043355314c0c408f547f1faafd3acd6d481f63
e01b0fb379931c35fd707f8cc75e2d6079f77fd5174c30b75934e130d68ed2a5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/829820975-widgets.js
216.58.207.201200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/829820975-widgets.js
IP 216.58.207.201:0
File type ASCII text, with very long lines (2221)
Hash b18547f3bc01f36c7dd3a6b6082feeb0
ca60d4a2bcd171bfe918249742cfde4223f0ba00
7666d4f1e68fda03543de42ac22d422822013499d6937cc08ae884bfdef3688b
GET /static/v1/widgets/829820975-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56806
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:07:50 GMT
expires: Thu, 05 Oct 2023 02:07:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:52:39 GMT
content-type: text/javascript
age: 110312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
apis.google.com/js/platform.js
142.250.74.174200 OK 20 kB URL HTTP/2 apis.google.com/js/platform.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1277)
Hash b5a31516be83fe4f962609045d824f88
939a49a9858bf23561279f9ca2d1941d3256c66f
edb661aa461800e97e3847608a8b2d81cfe345f69a6f84abaa001d8a60500328
GET /js/platform.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20361
date: Thu, 06 Oct 2022 08:46:22 GMT
expires: Thu, 06 Oct 2022 08:46:22 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "40c22a9ccbd70870"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/img/icon18_edit_allbkg.gif
216.58.207.201200 OK 162 B URL HTTP/2 resources.blogblog.com/img/icon18_edit_allbkg.gif
IP 216.58.207.201:0
File type GIF image data, version 89a, 18 x 18\012- data
Hash c991641178ff05adf0d004298b5eafa9
d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:57:04 GMT
expires: Wed, 12 Oct 2022 19:57:04 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 12:00:16 GMT
content-type: image/gif
age: 46158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 58ac1b886710ef98c8b70a37dcc2b855
ed76f180385d65285525c3426857e1880e2817c8
7fd9a97b66875a6c87413705781a8800ab15e8faaeb821364914ca2d0dd9c890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 58ac1b886710ef98c8b70a37dcc2b855
ed76f180385d65285525c3426857e1880e2817c8
7fd9a97b66875a6c87413705781a8800ab15e8faaeb821364914ca2d0dd9c890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 58ac1b886710ef98c8b70a37dcc2b855
ed76f180385d65285525c3426857e1880e2817c8
7fd9a97b66875a6c87413705781a8800ab15e8faaeb821364914ca2d0dd9c890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 58ac1b886710ef98c8b70a37dcc2b855
ed76f180385d65285525c3426857e1880e2817c8
7fd9a97b66875a6c87413705781a8800ab15e8faaeb821364914ca2d0dd9c890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
142.250.74.174200 OK 58 kB URL HTTP/2 apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs
IP 142.250.74.174:0
File type ASCII text, with very long lines (580)
Hash d70fcc84d705c565b31a5835c0938d5b
d28e5dc9fcc6239d67986df3205468072023d2d7
1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 07:25:42 GMT
expires: Mon, 02 Oct 2023 07:25:42 GMT
cache-control: public, max-age=31536000
age: 350440
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/img/share_buttons_20_3.png
216.58.207.201200 OK 5.1 kB URL HTTP/2 www.blogger.com/img/share_buttons_20_3.png
IP 216.58.207.201:0
File type PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash ad9999106d5f550920b586e8e1704e5a
93fd02c51166402a41f96509cd0ca3fb917877dd
3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
GET /img/share_buttons_20_3.png HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 5080
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 20:46:12 GMT
expires: Wed, 12 Oct 2022 20:46:12 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 00:52:39 GMT
content-type: image/png
age: 43210
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
resources.blogblog.com/blogblog/data/1kt/travel/bg_black_70.png
216.58.207.201200 OK 84 B URL HTTP/2 resources.blogblog.com/blogblog/data/1kt/travel/bg_black_70.png
IP 216.58.207.201:0
File type PNG image data, 5 x 5, 8-bit/color RGBA, interlaced\012- data
Hash 4fc6c14642616095c0b1c90baa826951
25cacf250fad4290661fe8849069769f4eb40aba
4f01951293a11116b89b6e19f70cb9b72b2e3a68b2005c75d1d9b8e7b85eb35a
GET /blogblog/data/1kt/travel/bg_black_70.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 84
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 21:45:24 GMT
expires: Wed, 12 Oct 2022 21:45:24 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 17:03:17 GMT
content-type: image/png
age: 39658
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.189.157.130101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /2ixOtDaluXk0ZwHKBIJQQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mfuqUSafzpaiMf5cJ/0BkNbXxQg=
resources.blogblog.com/blogblog/data/1kt/travel/bg_black_50.png
216.58.207.201200 OK 83 B URL HTTP/2 resources.blogblog.com/blogblog/data/1kt/travel/bg_black_50.png
IP 216.58.207.201:0
File type PNG image data, 5 x 5, 8-bit/color RGBA, interlaced\012- data
Hash f7417b83fa976977f788364905aa5dd7
a6ede06565a88ef03ca33ad1b40a3c43e6c7f91f
8ad5d8cd8999e56275e12e5a5325b108bd15146fefe072af726fffecfe6ab862
GET /blogblog/data/1kt/travel/bg_black_50.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 83
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 17:39:44 GMT
expires: Wed, 12 Oct 2022 17:39:44 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 10:47:45 GMT
content-type: image/png
age: 54398
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f9371f81e2eeeead7fe351a49f3b1c40
ae23d6c6c57dd7cf568c3a74594c377b7bb7df43
03c4ba0faa3199d061d1bb37df5d48ba6d81f77a83e243922075efc4d4acf456
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/ANbyha2vVEcBk1sh0oV2l7Xh1rpzvA5FW9_MH68Xl3lm6kStbuptqhUrJK79Ai5rGQAAi-gTygm5Aqtjgue3sGZGHs9V9xVmLOWT=s0-d
142.250.74.1200 OK 84 B URL HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/ANbyha2vVEcBk1sh0oV2l7Xh1rpzvA5FW9_MH68Xl3lm6kStbuptqhUrJK79Ai5rGQAAi-gTygm5Aqtjgue3sGZGHs9V9xVmLOWT=s0-d
IP 142.250.74.1:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash e12732f918e55a0732791ae45b5127ff
b23363d05af1da92755182795ca4aa3a88b65b3c
79723f3671d92fd798958f1190531681124cee91ac36ec9e795a69a99668510c
GET /blogger_img_proxy/ANbyha2vVEcBk1sh0oV2l7Xh1rpzvA5FW9_MH68Xl3lm6kStbuptqhUrJK79Ai5rGQAAi-gTygm5Aqtjgue3sGZGHs9V9xVmLOWT=s0-d HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: attachment;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 84
x-xss-protection: 0
date: Thu, 06 Oct 2022 08:12:43 GMT
expires: Fri, 07 Oct 2022 08:12:43 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
age: 2019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c23d9e67394a07a0e6739f15bbb4da6
300223a40a6e04e01bc59585b83aa1ef847c2ee4
37241ae3a733b19d93e78c58aca4a5e6bdd8cb559e4a1a8eb570732f9684fb16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37241AE3A733B19D93E78C58ACA4A5E6BDD8CB559E4A1A8EB570732F9684FB16"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6729
Expires: Thu, 06 Oct 2022 10:38:31 GMT
Date: Thu, 06 Oct 2022 08:46:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c23d9e67394a07a0e6739f15bbb4da6
300223a40a6e04e01bc59585b83aa1ef847c2ee4
37241ae3a733b19d93e78c58aca4a5e6bdd8cb559e4a1a8eb570732f9684fb16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37241AE3A733B19D93E78C58ACA4A5E6BDD8CB559E4A1A8EB570732F9684FB16"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6729
Expires: Thu, 06 Oct 2022 10:38:31 GMT
Date: Thu, 06 Oct 2022 08:46:22 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 58ac1b886710ef98c8b70a37dcc2b855
ed76f180385d65285525c3426857e1880e2817c8
7fd9a97b66875a6c87413705781a8800ab15e8faaeb821364914ca2d0dd9c890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/google_top_exp.js
142.250.74.2200 OK 67 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/google_top_exp.js
IP 142.250.74.2:0
Hash 9bbc3ca32ec951a484589ce0e6b4db73
753d6f6183b33b2dee5dde2208fca91c17f5bb13
b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 67
x-xss-protection: 0
date: Wed, 05 Oct 2022 20:43:04 GMT
expires: Wed, 19 Oct 2022 20:43:04 GMT
cache-control: public, max-age=1209600
age: 43398
etag: 13036835877489095579
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69013194a3c96cc3cd4c579abc6c9ba7
2d3621e636b7cd120c2f16a720e390fac8373563
be37d01f0b57b90b8d1260148ce2335230468131bc1036cce059b319542bff01
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BE37D01F0B57B90B8D1260148CE2335230468131BC1036CCE059B319542BFF01"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3559
Expires: Thu, 06 Oct 2022 09:45:41 GMT
Date: Thu, 06 Oct 2022 08:46:22 GMT
Connection: keep-alive
blogger.googleusercontent.com/img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=s320
142.250.74.1200 OK 64 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=s320
IP 142.250.74.1:0
File type PNG image data, 320 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash 3d9ca2aa3c3fbfe4d72e5f2bf79d5062
54620b2c23101449620472651544a88fdf168a4a
b22080e4c5594af0061d70d735a77db344eb3d2dc8d97a31716fc73d0a9d54f8
GET /img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=s320 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vff0"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="descarga.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 63567
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgEBWbecJ2DaKl5ZAHsKOS3_STorSQWiZvxsgU_1XxIozljKd2_m4tIDTtc4TqTFL1y4HZcUb1s5OFlVEa8gF57NbjT6GLXLD7yKA_WI4d2SbR4_zBxHVSmWibJcjrCPpFDXahLa_WSq_6Zdm2CFgUCNOO-gC5L-Cj_6IHyFanFeKwaTf255v18FMGK=s72-c
142.250.74.1200 OK 2.2 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgEBWbecJ2DaKl5ZAHsKOS3_STorSQWiZvxsgU_1XxIozljKd2_m4tIDTtc4TqTFL1y4HZcUb1s5OFlVEa8gF57NbjT6GLXLD7yKA_WI4d2SbR4_zBxHVSmWibJcjrCPpFDXahLa_WSq_6Zdm2CFgUCNOO-gC5L-Cj_6IHyFanFeKwaTf255v18FMGK=s72-c
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash bf9c3c2eed145cdf0f83e32b08aaed12
615c69e7eeb720dc6d0806daa29e61519e4d4c5b
0a7934da11743792463a14b9474e543de307a9dc2059c2bfbb17590ea9df4ff7
GET /img/a/AVvXsEgEBWbecJ2DaKl5ZAHsKOS3_STorSQWiZvxsgU_1XxIozljKd2_m4tIDTtc4TqTFL1y4HZcUb1s5OFlVEa8gF57NbjT6GLXLD7yKA_WI4d2SbR4_zBxHVSmWibJcjrCPpFDXahLa_WSq_6Zdm2CFgUCNOO-gC5L-Cj_6IHyFanFeKwaTf255v18FMGK=s72-c HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3a1"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="15728972509bl2h-640x480-3.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 2239
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEj4r3p2n149PwRZRgJx0ZV1s5cXTYdKlpjY7-OtmosjCaEwa1ChTlsffvQ6NuZvo7oda2CIVZTKrf5au8_3_7I8z6QTsTZcd3JAWnX9lfyUjEK91puFJft4It4E_M8xQIR1qidZuVvhFv8QJ9orLZJVPi0t2vvN_oqKIhwBm4NNH8lGkxC_WneFvQeq=s72-c
142.250.74.1200 OK 2.2 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEj4r3p2n149PwRZRgJx0ZV1s5cXTYdKlpjY7-OtmosjCaEwa1ChTlsffvQ6NuZvo7oda2CIVZTKrf5au8_3_7I8z6QTsTZcd3JAWnX9lfyUjEK91puFJft4It4E_M8xQIR1qidZuVvhFv8QJ9orLZJVPi0t2vvN_oqKIhwBm4NNH8lGkxC_WneFvQeq=s72-c
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash badf27802f96636522912dbc5fbc70f2
c71f104210deac7268b7aa7cd2293266d1332540
3758eba9ae45dd85d16b540825579cf11fd864d7b9e36f5d4dbf333377bcd8a8
GET /img/a/AVvXsEj4r3p2n149PwRZRgJx0ZV1s5cXTYdKlpjY7-OtmosjCaEwa1ChTlsffvQ6NuZvo7oda2CIVZTKrf5au8_3_7I8z6QTsTZcd3JAWnX9lfyUjEK91puFJft4It4E_M8xQIR1qidZuVvhFv8QJ9orLZJVPi0t2vvN_oqKIhwBm4NNH8lGkxC_WneFvQeq=s72-c HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3a7"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Screenshot_2022-03-08-19-27-28-782_com.miui.videoplayer.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 2218
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=w72-h72-p-k-no-nu
142.250.74.1200 OK 10 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=w72-h72-p-k-no-nu
IP 142.250.74.1:0
File type PNG image data, 72 x 72, 8-bit/color RGB, non-interlaced\012- data
Hash ff8145830e8c571a01e9b20939cad914
c9f6a40e12bd15c34b5fc27d0141cb323a92eecb
b10c3dea34feb1430d0ec59d4f436d9943bf6816fad339f40e3ac73272792d91
GET /img/a/AVvXsEgKpWIcmxUuh-9P4GW9mgqTRIZIKrFi09EZny2tJw36oJzivz6jE7Zk5obvz2uoX3iHpb_TgVSKxnvz7rZX3gVGFv3kw9nhH_FsPnYyMR-9OV5WGnaUmD6onF2QPq79eMvYKUDp72CnTfjEXNWJyi0fBFNcodCekJMk1fL0di1RMotczkg4Eil0q1M3-A=w72-h72-p-k-no-nu HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "vff0"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="descarga.png"
content-type: image/png
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 10012
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/blogin.g?blogspotURL=https://culoscolegiales.blogspot.com/&type=blog
216.58.207.201302 Found 282 B URL HTTP/2 www.blogger.com/blogin.g?blogspotURL=https://culoscolegiales.blogspot.com/&type=blog
IP 216.58.207.201:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (354)
Hash a0e4484f9d31d83a3536d8c86fa46225
ca35e37328ba430419c2d942eacc98082e4b5371
29e4a5b57a9c1360f46cca333ce3476cec0a6a039dfcaba5c2242c42e50d1103
GET /blogin.g?blogspotURL=https://culoscolegiales.blogspot.com/&type=blog HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&go=true
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Thu, 06 Oct 2022 08:46:22 GMT
expires: Thu, 06 Oct 2022 08:46:22 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 282
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.blogger.com/dyn-css/authorization.css?targetBlogID=1769144491528371542&zx=f1ec28c8-0a30-45f3-b50f-a765d85c1c4f
216.58.207.201200 OK 21 B URL HTTP/2 www.blogger.com/dyn-css/authorization.css?targetBlogID=1769144491528371542&zx=f1ec28c8-0a30-45f3-b50f-a765d85c1c4f
IP 216.58.207.201:0
File type very short file (no magic)
Hash a62e4d501434033d5d177e67d3aafdd0
34f7300c9ed47334cf10826d57af785321e3138b
b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
GET /dyn-css/authorization.css?targetBlogID=1769144491528371542&zx=f1ec28c8-0a30-45f3-b50f-a765d85c1c4f HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
last-modified: Thu, 06 Oct 2022 08:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEi-E9h5J8Wpg23lKPBmDWfknzg7VA_mkPM_hcRJtLOmu6jOLZkyt8KyN4coQ0gl8VSw9Q9f5Q61CpTmvUL1d1grwpGZ4UxnSG7XWJl7UOCqWNZap3Nz4nGPVZWj5OdkPbQbuipwTZXByGdpnkE-T-a2PCU_fknpvx35yATRAE9RFHYD7ZqCWFZUVkKH=s72-c
142.250.74.1200 OK 2.3 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEi-E9h5J8Wpg23lKPBmDWfknzg7VA_mkPM_hcRJtLOmu6jOLZkyt8KyN4coQ0gl8VSw9Q9f5Q61CpTmvUL1d1grwpGZ4UxnSG7XWJl7UOCqWNZap3Nz4nGPVZWj5OdkPbQbuipwTZXByGdpnkE-T-a2PCU_fknpvx35yATRAE9RFHYD7ZqCWFZUVkKH=s72-c
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash 0c87a2fbb4ee91f79eb5f799d17a2768
186b257b3466ce38766f7a9c8c991f79e721eb02
86e22909a78456dd4382a3564886436dab06c82cab8fd2797b291b605064e111
GET /img/a/AVvXsEi-E9h5J8Wpg23lKPBmDWfknzg7VA_mkPM_hcRJtLOmu6jOLZkyt8KyN4coQ0gl8VSw9Q9f5Q61CpTmvUL1d1grwpGZ4UxnSG7XWJl7UOCqWNZap3Nz4nGPVZWj5OdkPbQbuipwTZXByGdpnkE-T-a2PCU_fknpvx35yATRAE9RFHYD7ZqCWFZUVkKH=s72-c HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3a3"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1572897325ziw9f-640x480-5.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 2282
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEjDyNwj7jrCDjHmgnDDTxJpforkAQXM0uBO0YFRQa8JQb8sN5KP_jTRX9z42_9V4mA-CfK-9xtpR587FKzXFXw5cD5D-g9OD_75-vAM-YNQBMJmciqcMilYQg3jRlLRIfEsMh0qapAt08zrB7fyPF7UszIPCWQqdB7WkExLI9KQnJwMxN_jtyKEI2tHxg=s72-c
142.250.74.1200 OK 2.4 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEjDyNwj7jrCDjHmgnDDTxJpforkAQXM0uBO0YFRQa8JQb8sN5KP_jTRX9z42_9V4mA-CfK-9xtpR587FKzXFXw5cD5D-g9OD_75-vAM-YNQBMJmciqcMilYQg3jRlLRIfEsMh0qapAt08zrB7fyPF7UszIPCWQqdB7WkExLI9KQnJwMxN_jtyKEI2tHxg=s72-c
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash f49e354dbbe1f994e753c0f6a011cd73
25312bc312bc4e1f69207757f3bca740b67429a7
4e2289b479d6a73bb4e19df5be77bf23ab643bfac1d8a8f08f03318fc0ef1539
GET /img/a/AVvXsEjDyNwj7jrCDjHmgnDDTxJpforkAQXM0uBO0YFRQa8JQb8sN5KP_jTRX9z42_9V4mA-CfK-9xtpR587FKzXFXw5cD5D-g9OD_75-vAM-YNQBMJmciqcMilYQg3jRlLRIfEsMh0qapAt08zrB7fyPF7UszIPCWQqdB7WkExLI9KQnJwMxN_jtyKEI2tHxg=s72-c HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v3a9"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="IMG_20220308_193818.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 2367
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/a/AVvXsEgTuHj6wNyGQ5Hsy56uKj-cT99y1l7fhQ0yCtMUtPDd_AMYmcc7QSTr2LxKLjTiJyEymd33_-l3vaUTW5Oz0M2pTBbWQMZH0SwEMvrpl6X977bCB_12zE2E0SR23Ym9Azz66W4yG6-5vRU6voVExm6QlWwZUT17wwZN-DuweEJm8G8wclWeKn1ZQk8gXQ=s72-c
142.250.74.1200 OK 2.6 kB URL HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgTuHj6wNyGQ5Hsy56uKj-cT99y1l7fhQ0yCtMUtPDd_AMYmcc7QSTr2LxKLjTiJyEymd33_-l3vaUTW5Oz0M2pTBbWQMZH0SwEMvrpl6X977bCB_12zE2E0SR23Ym9Azz66W4yG6-5vRU6voVExm6QlWwZUT17wwZN-DuweEJm8G8wclWeKn1ZQk8gXQ=s72-c
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Hash c8e98b4d4f40e5b817d41be46dd02160
168b2142812267d55c90e750b220ff664822a46c
242949c57f441516251191214630cf2f7473c937d0b680926d3cee9cad099335
GET /img/a/AVvXsEgTuHj6wNyGQ5Hsy56uKj-cT99y1l7fhQ0yCtMUtPDd_AMYmcc7QSTr2LxKLjTiJyEymd33_-l3vaUTW5Oz0M2pTBbWQMZH0SwEMvrpl6X977bCB_12zE2E0SR23Ym9Azz66W4yG6-5vRU6voVExm6QlWwZUT17wwZN-DuweEJm8G8wclWeKn1ZQk8gXQ=s72-c HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v39f"
expires: Fri, 07 Oct 2022 08:46:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1573591329e9vjf-640x480-2.jpg"
content-type: image/jpeg
vary: Origin
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 08:46:22 GMT
server: fife
content-length: 2569
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 075c0849a5739bda75763e3740fd5079
c59fbd5865bacc3857fcdfae28c7eaaa7ca1972b
24b54121bcf5221650c3127ee28ef7f92524d391f75639c1ad25d678e7a99d2a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&go=true
216.58.207.237302 Found 232 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&go=true
IP 216.58.207.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 366fe9288fe050c2d8a62c84e4c02437
a12d8a9cc348f47b1e6b6d0ef2a610773bdad152
fa6f038a77b755c13164bff7edd639651a924bdebebadec5ecedc151030cc972
GET /ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://culoscolegiales.blogspot.com/%26type%3Dblog%26bpli%3D1&go=true HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://culoscolegiales.blogspot.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 08:46:23 GMT
location: https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&type=blog&bpli=1
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce--p_kxQU3yXVpbHCKIAKrTQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 232
server: GSE
set-cookie: __Host-GAPS=1:u0cdBaeAz4LH8uo8TKSpfjfjbEXcgA:X5-_C_umyGPOWGMH;Path=/;Expires=Sat, 05-Oct-2024 08:46:23 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 281 B IP 104.18.32.68:0
Hash 657d92af47f407aa6cc3e08da2abea33
387486c88a9b8c8505cb10fd315b2364559cc9e5
e0a15447d4e6fafcdeb3044e55c341e65fe6fd7645da21c7a2d32b0492a51530
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 01:05:14 GMT
Expires: Tue, 11 Oct 2022 01:05:13 GMT
Etag: "387486c88a9b8c8505cb10fd315b2364559cc9e5"
Cache-Control: max-age=403729,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d20520accb4fa-OSL
hqq.to/cdn-cgi/trace
190.115.19.71404 Not Found 3.2 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 83ad159d12561d94bb058b907f8e62b2
7c254aefdd8abdf03c390b50f68a9c5a0d9131eb
f0bb83a0960b58abd29a2b5e5007f33ce423630b176b789ced2a9727b4810e58
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=IGXdWESxrdgPh5uK1r3u; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 29b8791ddb85f0c48ff80d93ea64387b
717490e133424d9552eebc9a9bf97e6159fc3182
945392d23eb59582ac7b133c1f3d503f38122e8f69ca9649c02377807208582b
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Mon, 10 Oct 2022 07:21:35 GMT
ETag: "717490e133424d9552eebc9a9bf97e6159fc3182"
Last-Modified: Thu, 06 Oct 2022 07:21:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2880
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d20537b43b505-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 281 B IP 104.18.32.68:0
Hash 657d92af47f407aa6cc3e08da2abea33
387486c88a9b8c8505cb10fd315b2364559cc9e5
e0a15447d4e6fafcdeb3044e55c341e65fe6fd7645da21c7a2d32b0492a51530
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 01:05:14 GMT
Expires: Tue, 11 Oct 2022 01:05:13 GMT
Etag: "387486c88a9b8c8505cb10fd315b2364559cc9e5"
Cache-Control: max-age=403729,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d2051dba2b4f7-OSL
h4ahsm.cfeucdn.com/video_short.mp4
84.16.243.193206 Partial Content 3.1 kB URL HTTP/1.1 h4ahsm.cfeucdn.com/video_short.mp4
IP 84.16.243.193:0
ASN #28753 Leaseweb Deutschland GmbH
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 639ec085afd48ff720cb1716bb09c075
04789db6677b1e59ae5b2c8c3b565f7ad8bf5c52
7e3c990c8c3e6ad1a07710e7032c1ff22975d6322937e80b0446a07de1b227cb
GET /video_short.mp4 HTTP/1.1
Host: h4ahsm.cfeucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Thu, 06 Oct 2022 08:46:22 GMT
Content-Type: video/mp4
Content-Length: 3078
Last-Modified: Sat, 03 Apr 2021 21:17:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6068db6e-c06"
server: YouTube Frontend Proxy
Expires: Sat, 05 Nov 2022 08:46:22 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,Range
Access-Control-Expose-Headers: Content-Range,Content-Length,ETag
Content-Range: bytes 0-3077/3078
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Thu, 06 Oct 2022 08:46:23 GMT
access-control-allow-origin: *
etag: "633be002-11a95"
expires: Thu, 06 Oct 2022 09:46:23 GMT
last-modified: Tue, 04 Oct 2022 10:25:54 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2c8c83acc2acc0f92d1fcd8221eaf32a
c153c9445923663d98eb26f3904f92878d5015f5
5f4995ec190f108c2461ae49f4ee10734ae3338c9ed9b4683e3cfa794fcccf55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F4995EC190F108C2461AE49F4EE10734AE3338C9ED9B4683E3CFA794FCCCF55"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5270
Expires: Thu, 06 Oct 2022 10:14:13 GMT
Date: Thu, 06 Oct 2022 08:46:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2497
Expires: Thu, 06 Oct 2022 09:28:00 GMT
Date: Thu, 06 Oct 2022 08:46:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2497
Expires: Thu, 06 Oct 2022 09:28:00 GMT
Date: Thu, 06 Oct 2022 08:46:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2497
Expires: Thu, 06 Oct 2022 09:28:00 GMT
Date: Thu, 06 Oct 2022 08:46:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2497
Expires: Thu, 06 Oct 2022 09:28:00 GMT
Date: Thu, 06 Oct 2022 08:46:23 GMT
Connection: keep-alive
hqq.to/cdn-cgi/trace
190.115.19.71404 Not Found 7.5 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d4fb225b0515bc9f5ee59263426ee8cf
222f58cbabacd23d4e3ba64847ce4d2565fd38b8
fc14cc4aa5d6783019743059fc932a8498e34b92279b926648d0b42faae5bd86
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/cE53anNaYVJxVFlNNG5JK25ZNjhsdz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=IcZY0NvfMLE0bCnoKvQf; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:23 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 03:50:38 GMT
age: 17745
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hqq.to/js/adv/fuckadblock.js?2
190.115.19.71200 OK 15 kB URL HTTP/2 hqq.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with CRLF line terminators
Hash 060e4cb02269f08616c241fd7b57aec6
34ae7bd3ae7b74d410c46ac91b975fe4eaa662ef
62d7ab711fa7f7ae08f6534f959e6484f5328cc53881375c12ba94fbd77f5c2d
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=pYlqN8fNVlF3oLeZC9eq; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
testingmetriksbre.ru/netu.php
104.26.1.119200 OK 7.8 kB URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.1.119:0
File type ASCII text, with CRLF line terminators
Hash 778f0af7eaf5805ff7bcfa896720cb11
8903a30311740866ad501046bc761de46e439a0e
5d2576a444ee9a4b526d6e7376d6a52a759dccd0464fc4c73bcf9515b008d4f2
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EG1l1Qopz48DsN8cODHg6UCyxh1Tta6%2BObLz08gBk83C2SacgFcC3%2FQX%2FrshUghI24oVqli5%2FTNc790jzTLEYbjS1eAl%2FyMbXvsxkEEKHxQl4eWaWkX0bn%2FRoY2ySpMBBRmn8AZy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d205028ab0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/js/embed.205.js?736
190.115.19.71200 OK 48 kB URL HTTP/2 hqq.to/js/embed.205.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type Unicode text, UTF-8 text, with very long lines (3414)
Hash 8eea68252aebc086f20615447f157b2f
f9bdc31d743885c4daeb57d0a4babf086bbac8d9
2dc078ebc3d803462634eea760dc3d52fe0fef535ffae96ed9952e10d6a5bff5
GET /js/embed.205.js?736 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=INIH1QBP4l1nUMczDplq; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
hqq.to/e/cE53anNaYVJxVFlNNG5JK25ZNjhsdz09
190.115.19.71200 OK 48 kB URL HTTP/2 hqq.to/e/cE53anNaYVJxVFlNNG5JK25ZNjhsdz09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 0c048b752ef0a9e1b6ae5d298a539357
c5647777bb4fbb3b6343903fb7399d86ed591bf6
49caf12f38ab84cd9fde8a9589e6604c52d4ea81763d08db855c910c550aeabf
GET /e/cE53anNaYVJxVFlNNG5JK25ZNjhsdz09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=kFKiDa7Tj4RhWQjo1cp7; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.61.225200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32144), with no line terminators
Hash e168f1c881ba80f3a4fe11a35f285711
d0004fe87d8fd84aa1ad500dd4385512cc127532
0f2f5a4eb2959e2ab7ed8aa10725f2dd48566feda0f590ddacfc1c5428e262cd
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1aeef04462de7932ef9feb884612a0ad
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Thu, 06 Oct 2022 08:46:23 GMT
access-control-allow-origin: *
etag: "633be002-2b"
expires: Thu, 06 Oct 2022 09:46:23 GMT
accept-ranges: bytes
last-modified: Tue, 04 Oct 2022 10:25:54 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 3b0be9796f83c652316f73c075879d16
6a072a8211a13765122b1cec8f0ff2a327e61747
ada324f225a6ac8201cf552cdfc0a80ae2b1079e8133024590d48d5822d9f1f9
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:23 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=2582265211665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2582265211665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1161938061665045983; Path=/; SameSite=None; Secure
i=lLXlEOHoWkc2qbrJ9Y1uEedled/3ihN1wxwSmDzwRCFfJntnkoGDNwHODqjtbsBvFL9NfSELeob+w1mh2le+uFV8it0=; Expires=Sun, 03-Oct-2032 08:46:21 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581983.yrts.1665045983#1696581983.yrtsi.1665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:23 GMT
last-modified: Thu, 06-Oct-2022 08:46:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.61.225200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32162), with no line terminators
Hash eb2fe507a24d3bb047e71c1fea985f0d
0aad304c89158eaa1a9f2ceaae1daae6f85b8eb3
4562658fa8a1f6eaad61496a2e80315c4267caadd1671f150e718bb86b7e384c
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bcc93cb1c69dfd123008343a0d5d1322
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A274723271%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C%2C%2C%2C1047%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A274723271%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C%2C%2C%2C1047%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash d81114b586f9e1f4496c0b029c486679
48e153b0dbe94ea7a38180a3fb821f247ac6f126
06d981a8fce6a527e0b704b488842f99532a2df0041d81fd0747f4e3854e0e3e
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A274723271%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C%2C%2C%2C1047%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A274723271%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C%2C%2C%2C1047%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:23 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=3836497201665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3836497201665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1441945711665045983; Path=/; SameSite=None; Secure
i=EimuDBxTz5ZobdCWe88pDJIilBEamhrgOYqQp8GyWl8EOBf0YMhLH6Qo11Klyfh+YpEqvJ9tnHrl7dhTvnU8hY1D+ME=; Expires=Sun, 03-Oct-2032 08:46:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581983.yrts.1665045983#1696581983.yrtsi.1665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:23 GMT
last-modified: Thu, 06-Oct-2022 08:46:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash b2f846c37619c646c6164f4293aa696a
7f57a0e1eb799abad4d8f7dba2e023100de527e3
3823148e60eda2c18f8b59150fc70e9eb8a6afbd59f0b590a020c4a4ab53a6fc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 08:46:23 GMT
Last-Modified: Thu, 06 Oct 2022 06:58:49 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dwfjG-C0hiMBzcCxwQC2b9N5UhpxuxmtW2Ror1wyhVemNRYPwtF-cg==
Age: 6454
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.61.225200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32126), with no line terminators
Hash 03157e71db504cf6a8ff1bdfdb90dcc7
6817b19e223d723108b3649bb508f7b9239196df
6af36e2b9991cdc428b56d1a00a9019b2de45e63ae686d68c0a3ef763f82d3a0
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:23 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f920badda62778715eb90114721aa293
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
3.67.146.56200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.67.146.56:0
File type ASCII text, with no line terminators
Hash 1c21e4934b27bafeea57089d5fb3be2c
62c82db54082ae3a5c3fe1104c93dbf47ba81fd6
2ef4c4444e57836913c94d78e99fd352ed54cae99e47a8cef5b08b3df74f6272
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
set-cookie: uid_id2=fe49cda6-27ea-4298-bcd5-5e1757aef82b:1:1; expires=Sun, 03 Oct 2032 08:46:23 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.67.146.56200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.67.146.56:0
File type ASCII text, with no line terminators
Hash 1c21e4934b27bafeea57089d5fb3be2c
62c82db54082ae3a5c3fe1104c93dbf47ba81fd6
2ef4c4444e57836913c94d78e99fd352ed54cae99e47a8cef5b08b3df74f6272
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Cookie: uid_id2=fe49cda6-27ea-4298-bcd5-5e1757aef82b:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash b2f846c37619c646c6164f4293aa696a
7f57a0e1eb799abad4d8f7dba2e023100de527e3
3823148e60eda2c18f8b59150fc70e9eb8a6afbd59f0b590a020c4a4ab53a6fc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 08:46:23 GMT
Last-Modified: Thu, 06 Oct 2022 07:33:50 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O0l8e585JiJGXv8dk9NRsYl1bsmY_XwUOPodz-ZkQDk2P-ckGGnwKw==
Age: 4353
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 40a4de06678d96242b71d5318f2fd4ef
546a7d1d92df81916f14155943427b5453ae3924
aed9af25ae57c181702a137d48cb00f5b30297180161451de3b628359dc9ec6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
simplewebanalysis.com/stats
3.67.146.56200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.67.146.56:0
File type ASCII text, with no line terminators
Hash 02e9c1c528123cb5a3b2a3d3da16b462
abc8b20cebca9be1ca50976d3deb2a877ff579d8
dd049e348a1e1650f39331777048043fd64eabeacfc9608f83a47f93822e76e3
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
set-cookie: uid_id2=c5d4e1be-b68b-474d-b977-bb38db1f4529:2:1; expires=Sun, 03 Oct 2032 08:46:23 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/css/maia.css
142.250.74.164200 OK 12 kB URL HTTP/2 www.google.com/css/maia.css
IP 142.250.74.164:0
File type Unicode text, UTF-8 text, with very long lines (43499), with no line terminators
Hash bbb96f1e62e3f84502664d603d4ecbfc
684db7b7626d997e41d11716107d25824f322983
fcb969338fcac7f4d33a5f51945c6756d58881b82572604863fd8c0f3b1840c7
GET /css/maia.css HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 12181
date: Thu, 06 Oct 2022 08:46:23 GMT
expires: Thu, 06 Oct 2022 08:46:23 GMT
cache-control: private, max-age=0
last-modified: Mon, 25 May 2020 08:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash a1488f608283333bcd0a70e71ead4e52
a5fa2505373d74b8f27934472acd702009bc902c
5b4f3f1ec2578b3818e71224f515f14d5653f65883dc52a4f11944654243c085
GET /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:23 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:23 GMT
last-modified: Thu, 06-Oct-2022 08:46:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.122.175200 OK 44 kB URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.122.175:0
Hash 1872aedf95eaf32667f9e50c735c44d0
fb87551a5e2fca8d8d6e7180e6d6e66dc5e6d25b
2e86c2c946f95671be70bb7667f015cf30edf013cafb9fc6f05d5ba32a3a6d42
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 8089483
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 755d2050097eb527-OSL
content-encoding: br
X-Firefox-Spdy: h2
zap.buzz/lxAR5ZJ
172.67.213.33302 Found 765 B IP 172.67.213.33:0
Hash 9c7ce4cc47b8e609932b966b732d736d
c4103aa64a8a54e86dec7dec2d08e9ef8c7aba25
f8cafe2da5ba357ea07ba110f78415e7902a04749993163be5ea176d9df7b8d5
GET /lxAR5ZJ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: text/html; charset=utf-8
location: https://q.cachegorilla.com/r?fid=B79SGewuO6N
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz6V3w.5FB9iblEC1ceGizlWzslQVhY6O4; Expires=Thu, 06 Oct 2022 09:16:23 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVwvPsLvF4zhonywzHw0UsgLaKRkq2BQfO8BfRok9lK6826j3XMFOppIP3No0Tv3lq9gArhcyD0B6rQqwgT6%2Fso5faszHtMq1Tkl%2F7ZGTKeIc%2FIt3rTJstxWWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2057be53b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
zap.buzz/Jr1zAzZ
172.67.213.33302 Found 17 kB IP 172.67.213.33:0
Hash eb0685e4d99428298f4c93076f2ff261
a5bf95eea6d8c5fe4d9ab5e3e57d71c8d18e5275
4c71c5f6cb9d0169998a4d31ca957d88f538351d8114dbe04387abbd1b72b0a3
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz6V3w.5FB9iblEC1ceGizlWzslQVhY6O4; Expires=Thu, 06 Oct 2022 09:16:23 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tID66iHpWXAbTekewuEB4mVMPoYX3fLGxwzAc2E4im%2FeiPFfryUs0fOnkayPzYON7XpBIqbNqn3dS%2FEjsNgGu0HInUBJBey8m46JdcEbEJCZ9Md1xk2t9%2BsJ9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2057ce64b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/og/_/js/k=og.qtm.en_US.F9GLv3vJthY.O/rt=j/m=q_dnp,q_pc,qmd,qcwid,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/rs=AA2YrTudCw2XotoVCZRHW0V_ffgR5WCCig
142.250.74.163200 OK 50 kB URL HTTP/2 www.gstatic.com/og/_/js/k=og.qtm.en_US.F9GLv3vJthY.O/rt=j/m=q_dnp,q_pc,qmd,qcwid,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/rs=AA2YrTudCw2XotoVCZRHW0V_ffgR5WCCig
IP 142.250.74.163:0
File type ASCII text, with very long lines (581)
Hash 1e2aa0b53af173cba15b536913fb1de0
d1c92b9012a0dbb47279ecde99b4639156e2f46f
cb9d072d8459abcce2c36f27c3955c11d03fd051a53d1cddde1ae07283830f29
GET /og/_/js/k=og.qtm.en_US.F9GLv3vJthY.O/rt=j/m=q_dnp,q_pc,qmd,qcwid,qapid/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/rs=AA2YrTudCw2XotoVCZRHW0V_ffgR5WCCig HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/one-google-eng
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="one-google-eng"
report-to: {"group":"one-google-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/one-google-eng"}]}
content-length: 49543
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 11:12:51 GMT
expires: Thu, 05 Oct 2023 11:12:51 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 01:34:29 GMT
content-type: text/javascript; charset=UTF-8
age: 77613
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.blogger.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 47536
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
142.250.74.163200 OK 663 B URL HTTP/2 www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
IP 142.250.74.163:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1660), with no line terminators
Hash d3ec4b74ea0887aeff93ed6767748dc8
95aac504eb982d2806af370586b681cdd7b8877a
303c26d0404d542bfbdd1bf05e7ae0f103a017c0f97870ef6993d0747fd88573
GET /images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 663
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 02:22:30 GMT
expires: Fri, 06 Oct 2023 02:22:30 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
content-type: image/svg+xml
age: 23034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/og/_/ss/k=og.qtm.3ZnPO48TzCU.L.F4.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTu0rNo6SDTCqCiWpPou-Sxcja_u8A
142.250.74.163200 OK 307 B URL HTTP/2 www.gstatic.com/og/_/ss/k=og.qtm.3ZnPO48TzCU.L.F4.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTu0rNo6SDTCqCiWpPou-Sxcja_u8A
IP 142.250.74.163:0
File type ASCII text, with very long lines (452), with no line terminators
Hash 2777f95ca1bc48d1ff75cc2a959df913
b26a0c763346fc783c77e2fa9092bbb20efc7ebe
dfbbc6cfa66a2027486bccd0f0c2e7f85cc5f81c872ff0e4402aade7288ec09b
GET /og/_/ss/k=og.qtm.3ZnPO48TzCU.L.F4.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhlo,qhmn,qhpc,qhpr,qhsf,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTu0rNo6SDTCqCiWpPou-Sxcja_u8A HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/one-google-eng
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="one-google-eng"
report-to: {"group":"one-google-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/one-google-eng"}]}
content-length: 307
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 12:58:49 GMT
expires: Thu, 05 Oct 2023 12:58:49 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 22 Sep 2022 10:50:51 GMT
content-type: text/css; charset=UTF-8
age: 71255
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b6badfc2a136c9b5931dd143593037b7
8ebcb89e7e0741b0c629d730ea04dbf1195a3701
2e166abb32f01a4f9a8452465d9f6a12f5e8de561ed5a549102277f52004f1ac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2E166ABB32F01A4F9A8452465D9F6A12F5E8DE561ED5A549102277F52004F1AC"
Last-Modified: Thu, 06 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14060
Expires: Thu, 06 Oct 2022 12:40:44 GMT
Date: Thu, 06 Oct 2022 08:46:24 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0b3583bada6a90ca23d9af1db7f0b361
80070b13219a6df5dde7a2b7c84df33381d268b8
70efc800ed2f1acee19ccc88dbafa7724c0f00d9b7cda191d69cf69c1a38a98f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70EFC800ED2F1ACEE19CCC88DBAFA7724C0F00D9B7CDA191D69CF69C1A38A98F"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2015
Expires: Thu, 06 Oct 2022 09:19:59 GMT
Date: Thu, 06 Oct 2022 08:46:24 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ebe1325e2882e526f65529210fe4815b
2771ff8b78fb0a0a619c4a7ca4686df27bee58c7
847d6a022aa34aa2519975c725ea4b77690cfd07d9a41f900792ad69ba346939
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 13:50:03 GMT
Expires: Tue, 11 Oct 2022 13:50:02 GMT
Etag: "2771ff8b78fb0a0a619c4a7ca4686df27bee58c7"
Cache-Control: max-age=449617,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d20599c70b4fa-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ebe1325e2882e526f65529210fe4815b
2771ff8b78fb0a0a619c4a7ca4686df27bee58c7
847d6a022aa34aa2519975c725ea4b77690cfd07d9a41f900792ad69ba346939
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 13:50:03 GMT
Expires: Tue, 11 Oct 2022 13:50:02 GMT
Etag: "2771ff8b78fb0a0a619c4a7ca4686df27bee58c7"
Cache-Control: max-age=449617,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d2059aca5b4f7-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c490179cd35c2ef97c7a3e88da33fdde
0ac10c898337f6f8cdc3e52a485971baa8d8932d
f4645ef05e4331447d890497b91f05bb6b03cd0261e5a06317f0d7b50cb96239
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4645EF05E4331447D890497B91F05BB6B03CD0261E5A06317F0D7B50CB96239"
Last-Modified: Thu, 06 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13969
Expires: Thu, 06 Oct 2022 12:39:13 GMT
Date: Thu, 06 Oct 2022 08:46:24 GMT
Connection: keep-alive
mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash c18b48f530fcd90d63dafe7f38aa3160
c610362971c0a974d45d947c58ac6f1111b9b121
cebda469f0254479b4bacf25d1c7fc58252fb980c31bd8c7155039ca5ee5167a
GET /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:24 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:24 GMT
last-modified: Thu, 06-Oct-2022 08:46:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 60604bc1fa167112a403ba3d0b951bae
e19c79f282a6915fcb8694440912c7c74cff1245
081dfab13cbd2bebd0985321661199117814a89b0c2287d9ec7cb475e0b70485
GET /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:24 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:24 GMT
last-modified: Thu, 06-Oct-2022 08:46:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17200 OK 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
seatsrehearseinitial.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.61.225200 OK 29 kB URL HTTP/1.1 seatsrehearseinitial.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash d3ab192e4e92d6552d951f27438bb622
3771e917ce8e4e2cb392c0a9532d6f85660a5752
dbf8dc32f949ae2d958a2a96e6f36df26099bb54be9e443961bdaf27fc1e8980
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: seatsrehearseinitial.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9dfd76c4cdfeaf0b84c553c7a7bc8ed5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
interesteddeterminedeurope.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.12200 OK 29 kB URL HTTP/1.1 interesteddeterminedeurope.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 63bb82bf20f5fc4e2581b7aef6d7e23d
1858642135cd6c2523a71bd65eea62c4e3a4f736
42f460070afb956718def1d954c93fc44617efb6ad172ba90c0e9a4985840250
Analyzer Verdict Alert quad9 Sinkholed
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: interesteddeterminedeurope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ceeaa5f83b654fb216635ae45c13295
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 61e5079a0e6812f78348c7a622279320
5295836d509d9eaee1c31bd129d08b65d0860a89
ff528b3e3551facb4aaf40f7c4befd70da4e707d5aed4bc9b49ca7905791f14d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FF528B3E3551FACB4AAF40F7C4BEFD70DA4E707D5AED4BC9B49CA7905791F14D"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11534
Expires: Thu, 06 Oct 2022 11:58:38 GMT
Date: Thu, 06 Oct 2022 08:46:24 GMT
Connection: keep-alive
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17200 OK 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17200 OK 358 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9c18fbb45e7da4c8641e8d2c66cb5368
c5c07db05f641074937c0c28493358eb5c76b417
09a4e8d437cac168ea59752927a87a85a906f03035fe8ab1de859a417fc46b3c
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
motivessuggest.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.12200 OK 29 kB URL HTTP/1.1 motivessuggest.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4234235782e61a420d503b4ff9bccd15
efb800449f434c173ab883da10755691b444c657
ab2a1c1ef62d56b84bbebf3cd41d1fa7ffdf6e91d171f4b2b813b10d61d9b579
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: motivessuggest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5d89a893677deaad243adc4f93f4c10c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
interesteddeterminedeurope.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e
192.243.59.12200 OK 2.4 kB URL HTTP/1.1 interesteddeterminedeurope.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5579), with no line terminators
Hash 779f9fe284c8579d66f76b588d1af4e8
926e3a5754a7fd55a2f8668b43805915407f304e
33ea81adc6a61a8c35b625000bc4b17a06081df53bbbf2ae42141bf440387598
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e HTTP/1.1
Host: interesteddeterminedeurope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://hqq.to
Access-Control-Allow-Origin: https://hqq.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Fri, 07 Oct 2022 08:46:24 GMT; secure; SameSite=None
pdhtkv=true; expires=Fri, 07 Oct 2022 08:46:24 GMT; secure; SameSite=None
uncs=1; expires=Fri, 07 Oct 2022 08:46:24 GMT; secure; SameSite=None
pdhtkv29=true; expires=Fri, 07 Oct 2022 08:46:24 GMT; secure; SameSite=None
uncs29=1; expires=Fri, 07 Oct 2022 08:46:24 GMT; secure; SameSite=None
sleca6b0b8925d9b3a4154c035c24b4ed97e=[3396716]; expires=Thu, 06 Oct 2022 08:46:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0d4ae4e10e22a2332f28c4334b2433ea
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://culoscolegiales.blogspot.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 755d205d08b7b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?lang=no&family=Product+Sans|Roboto:400,700
142.250.74.10200 OK 4.0 kB URL HTTP/2 fonts.googleapis.com/css?lang=no&family=Product+Sans|Roboto:400,700
IP 142.250.74.10:0
File type ASCII text, with very long lines (5763)
Hash a59d4b3b698e0b7116c50d3da55975ec
01a13cae9fe311ddfd8f10f4f02928095f7fffeb
c531bcd1c79327f48c2e500dce4f9c0a17b1f0be15e8b6c95fd90eaddf3e01c6
GET /css?lang=no&family=Product+Sans|Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 08:46:23 GMT
date: Thu, 06 Oct 2022 08:46:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://culoscolegiales.blogspot.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 61e5079a0e6812f78348c7a622279320
5295836d509d9eaee1c31bd129d08b65d0860a89
ff528b3e3551facb4aaf40f7c4befd70da4e707d5aed4bc9b49ca7905791f14d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FF528B3E3551FACB4AAF40F7C4BEFD70DA4E707D5AED4BC9B49CA7905791F14D"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11534
Expires: Thu, 06 Oct 2022 11:58:38 GMT
Date: Thu, 06 Oct 2022 08:46:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cda9919b2970e3720fec6953dd71ea78
49b86f05a3cc6eba4ac3cd5e70d1987e5b2e5878
d5d13a306ae21604d21737777b0f3d4e9107a3285d3630919de6a1d7d349fbd3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5D13A306AE21604D21737777B0F3D4E9107A3285D3630919DE6A1D7D349FBD3"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1898
Expires: Thu, 06 Oct 2022 09:18:03 GMT
Date: Thu, 06 Oct 2022 08:46:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ca8a19b67c1e138d69c55f0e3a496ca
b7b476e425aadcfce607936d3d33558553ee203a
5166a734da8356a1295d45a38b27401ad091adb26b2c4f16ee2f3e9326a5cfd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5166A734DA8356A1295D45A38B27401AD091ADB26B2C4F16EE2F3E9326A5CFD2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3974
Expires: Thu, 06 Oct 2022 09:52:39 GMT
Date: Thu, 06 Oct 2022 08:46:25 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 5ee0cdd53a4fe31d87edb1f74b25d5e1
f2796523cd8f58166a0ec07a5e48de6a53bcb992
33b837dc7f60a1ef50a2c0f2b6b0cb57012204c2e9cf39d70a1d717f2c325f52
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 08:46:25 GMT
Last-Modified: Thu, 06 Oct 2022 08:39:45 GMT
Server: ECS (dcb/7EED)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lIkt5awB65EgG--BrVSg5HQniklcbdKaBzUMorkKqKyVKnAxIWhUqQ==
Age: 400
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 77813dae498fa3d28a5590f0a6d54f05
d05b47e7e68968dfc32d06693cde8b8e9789f28d
5c1576ea01d7446b3be388a8d9403fb9cd49a24b34d2de5f00b155e96e37f134
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C1576EA01D7446B3BE388A8D9403FB9CD49A24B34D2DE5F00B155E96E37F134"
Last-Modified: Tue, 04 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14018
Expires: Thu, 06 Oct 2022 12:40:03 GMT
Date: Thu, 06 Oct 2022 08:46:25 GMT
Connection: keep-alive
j4ts2dv6exjs.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 j4ts2dv6exjs.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: j4ts2dv6exjs.n4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=2158&rd=2158&fd=881&bv=22.8.v.2&tmpl=136
173.233.137.52200 OK 0 B URL HTTP/1.1 peeredgerman.com/pixel/purst?dl=0&th=0&sc=0&rs=2158&rd=2158&fd=881&bv=22.8.v.2&tmpl=136
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2158&rd=2158&fd=881&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: peeredgerman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
c.srvpcn.com/click?id=ccv9bo3jdlhsd82e0ic0&e=03c8f024-2476-46c9-a295-a89dd7501d03&px=34
52.5.2.113303 See Other 0 B URL HTTP/2 c.srvpcn.com/click?id=ccv9bo3jdlhsd82e0ic0&e=03c8f024-2476-46c9-a295-a89dd7501d03&px=34
IP 52.5.2.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?id=ccv9bo3jdlhsd82e0ic0&e=03c8f024-2476-46c9-a295-a89dd7501d03&px=34 HTTP/1.1
Host: c.srvpcn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 303 See Other
date: Thu, 06 Oct 2022 08:46:25 GMT
content-length: 0
location: http://irene-eux.com/zcvisitor/5bb9f8b4-4553-11ed-be30-1241ddaf2f1b/e3e39f70-3459-11e9-9a51-0a15cb739170?campaignid=ea2166c0-40b1-11ed-8ee2-0a918cbcbb97
X-Firefox-Spdy: h2
specialityharmoniousgypsy.com/pixel/purst?dl=0&th=0&sc=0&rs=2215&rd=2215&fd=836&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 specialityharmoniousgypsy.com/pixel/purst?dl=0&th=0&sc=0&rs=2215&rd=2215&fd=836&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=2215&rd=2215&fd=836&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: specialityharmoniousgypsy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash bdd48b857ff5a92132842b38654f4d16
1e466f90578411c33ba2b50320fe3ca5d40751bc
65e0df31d01c498958e02e960442a033b2c0e2caeb50a95960ced0b2d6dac55c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:40:47 GMT
ETag: "1e466f90578411c33ba2b50320fe3ca5d40751bc"
Last-Modified: Thu, 06 Oct 2022 06:40:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2060daf1b4f3-OSL
adsco.re/p
162.252.214.5200 OK 172 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 42e0fe5701763a08f07d237d9ba6d4fd
5ef3134d90d26de61855c11d3996be1b04f9ac56
bf4afc90dd079ea734bee8004218648b25c96f318bbb39b069d53a3e7d1fcbf6
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1737
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://culoscolegiales.blogspot.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
hqq.to/cdn-cgi/trace
190.115.19.71404 Not Found 375 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f15851c0dd2937e47b14fa78b9d2a607
1bc347fbb30a73cc3253088bc7fed9a25be27298
fa9a77d3d0763517c168c6a09aca47fe78f892b6e5516e2206a04b61c724d51e
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/WTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=FHNmWWVXiNhBOpkXLL8O; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:25 GMT
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.61.225200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32126), with no line terminators
Hash 6829a5806e2fa3cc2e88154e9556c6bd
0174a2cf511818d991a9a9a2ebcdbc3ba4a1360b
d6af956cb2a86cd15ead142bb76405e9e5199176e1fef24b2e8cc2616b7dd075
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba5d03470337310b6e331a82f9b71f92
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d0597a5e98092de15ca6f20d0f8454d5
e7261e87a8606fbbe8712526e5fbe9fb21417afd
93b3a37060323cd1dbf941510cb60124e6f2b302d254b8a479a398066be9b67e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1041
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:25 GMT
Last-Modified: Thu, 06 Oct 2022 08:29:04 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
q.cachegorilla.com/r?fid=B79SGewuO6N
104.21.51.225302 Found 503 B URL HTTP/2 q.cachegorilla.com/r?fid=B79SGewuO6N
IP 104.21.51.225:0
Hash d8998203f9650170f450f4e8d2f650d6
ee15a2a9fb624d4e7e2136ce79f2e2ba2af1d2e5
1f126c0a7dfc9fc263422be9ba165da3d0fdffbd858a07e315b3d27cbc78f7c2
GET /r?fid=B79SGewuO6N HTTP/1.1
Host: q.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:24 GMT
location: http://c.cachegorilla.com/cf?id=6449762864267253921&sid=B79SGewuO6N&subid=0000&fid=18894&redir=1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86d3pAkS9eLQJ5r8MxLptgD7UZMfHq6th5xQt6DypkkwXKrgOHJbBT%2Bt5MSzlFLqc0T0IvdYftGQRKaAgWhSFur0wjP9d62wP2WegdRJU%2FwhmwglUtenlV0aeydjyGyS42a7oFw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20584a3cb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b1914e702d9edf1b2f241cadd82026a
11d8599b1ffb646583ea9c2e58527a62099b9aca
a981de3a5425beba86b32a0900cd71c7fae780de6424d6789a57889ca91fac6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A981DE3A5425BEBA86B32A0900CD71C7FAE780DE6424D6789A57889CA91FAC6F"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5732
Expires: Thu, 06 Oct 2022 10:21:57 GMT
Date: Thu, 06 Oct 2022 08:46:25 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 8e08fc7ced012af6fdfb1268f29696e0
7774bf3d66eef5452840bbe3d423747913aea429
b4ad63b194e1b8be667d23a076c0ca59c6e41f4e3251d57108ed522ab46d1a8b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 08:46:25 GMT
Last-Modified: Thu, 06 Oct 2022 07:31:42 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: epqy6B-BnAQL9YWBT79fOXT66I1djgenodsvsB8fX8bkyNIyFVnoXw==
Age: 4483
testingmetriksbre.ru/netu.php
104.26.1.119200 OK 274 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.1.119:0
File type ASCII text, with CRLF line terminators
Hash 5e0ee207cfffefa12fdb7fe5cce95ad1
c733cb4fb0a98a5c788d3a31f8bc63e4c528ff3d
d9c286adaf73f78a6a664c6ff754530cfe21c581584581eb8561daf3f3567328
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:25 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oL0ry8voY7n8DEw1fL1xXwwpXNxzo3NfZUNa27CK%2BS9Jo7gEaRPAJcndjROQStLgr6I8jep5d6ptySm%2BJv9rDVl372iSFKjD8ygIZsY%2BhizeBtB5%2F6B21zKuF6ezTHFV4mYpG1V5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20604f950b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
seatsrehearseinitial.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scVRd9lQx8gW%2Bjko2i0gsXCk5PVXV1VbcBgzGOBCeZkChxI%2Fp%2Bdc9zXtervFfV1TMLGRKULNuF%2B5rTMxmigyi4TZCeQBYDQtrVgA7%2BCYqQlQvpzmDrheLeU%2Bcszj33fbFdHBMfBT26eNlsKq3pUrPu1179MAjO1VZUWgxqg1b8cRydq9n%2BG%2B247r9We1fydbMU%2BoHvB35QW1ZWdsxgaUpCZfvtoN7261FYD5oRBva%2F2BUeHPUg%2BsfkOSgxWXjonYXiY6S97y5Kt56b7PV3eoWmubHoi70P0vXUlCl687FjPXTSvRM1jHu8%2FAAm3Z3Zhen%2FI2RqQrxHD8DSvROTYP2dmU%2BmIVMw8X%2BU%2FTGkHkPRMbi5DSUeE4ALXFlF2rt7xdiSbjxl6ZSdkIUnf0KVE7Lw61mkvW8vaDWoXTe6yJVJHQadCmowhuqOkRUHyDdPQZUH4PktKPETWXqygrS3s%2Bq0gRJHr3Rk1OaCxothIuliFLZbi4yL5mJTBkkzobLTCtksIKXGUJ0xtByCOg%2FF9FMeio6HIvPQE0c1HgRB4gtO%2FVab84ZIJIuFH9CkE9DAj1so%2BHSHIfJsCK6H4HYLmd3CuhrCFj%2FCrVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvdoV2oavuCu0KFpz08KQ3qpHJu9t01%2BRdmZLt7Jg8Ow3OO3NrH%2BvyqEZj5rNWO2yKNmvQKGhG3G80eRixSIp2IuFUBeVOzdbcVBPy4v06MjUh%2F%2FvoFzB6AKcPwNUzoMVLoOUoCX3QtVHU8rGZ7lNR6Hxx7ebNem4gTIUsX0C%2B4W3rY%2FL87ICNG79D8sPzn7DLkz%2Fu%2FQVuK2S2wqfqIUFX3xldMyXZuWZKR75fzXLVU5t0etzrOc3l6a%2FfkxulseLSRTe89xafEtNx%2F33p8hWaCpV2HfnmghJC2mVjuST3L7kbkl0t3NqFwqZFtnL17eVLvcxK55RJx6BqQsijQ3A1IWd%2B2J292xc%2B%2FwzKjmGLCr3ikJwUlDkAz7bgsrl%2FZ07D6rmGZR7KohrZkM1%2FakWg5RxTVsH9C7P5vO3uoGtfBs1vI%2B1V6NsKfV2B6iFccXqUZ%2Fbw%2FM%2BNWYFpb8S09XaYtvrLp%2BE6dVRLGg2fxu1mkCRUJiwKW504EJSGURzGMW0gdxP%2B5le%2F%2FQ0AAP%2F%2FAQAA%2F%2F9FcRD%2FggQAAA%3D%3D
192.243.61.225200 OK 7 B URL HTTP/1.1 seatsrehearseinitial.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scVRd9lQx8gW%2Bjko2i0gsXCk5PVXV1VbcBgzGOBCeZkChxI%2Fp%2Bdc9zXtervFfV1TMLGRKULNuF%2B5rTMxmigyi4TZCeQBYDQtrVgA7%2BCYqQlQvpzmDrheLeU%2Bcszj33fbFdHBMfBT26eNlsKq3pUrPu1179MAjO1VZUWgxqg1b8cRydq9n%2BG%2B247r9We1fydbMU%2BoHvB35QW1ZWdsxgaUpCZfvtoN7261FYD5oRBva%2F2BUeHPUg%2BsfkOSgxWXjonYXiY6S97y5Kt56b7PV3eoWmubHoi70P0vXUlCl687FjPXTSvRM1jHu8%2FAAm3Z3Zhen%2FI2RqQrxHD8DSvROTYP2dmU%2BmIVMw8X%2BU%2FTGkHkPRMbi5DSUeE4ALXFlF2rt7xdiSbjxl6ZSdkIUnf0KVE7Lw61mkvW8vaDWoXTe6yJVJHQadCmowhuqOkRUHyDdPQZUH4PktKPETWXqygrS3s%2Bq0gRJHr3Rk1OaCxothIuliFLZbi4yL5mJTBkkzobLTCtksIKXGUJ0xtByCOg%2FF9FMeio6HIvPQE0c1HgRB4gtO%2FVab84ZIJIuFH9CkE9DAj1so%2BHSHIfJsCK6H4HYLmd3CuhrCFj%2FCrVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvdoV2oavuCu0KFpz08KQ3qpHJu9t01%2BRdmZLt7Jg8Ow3OO3NrH%2BvyqEZj5rNWO2yKNmvQKGhG3G80eRixSIp2IuFUBeVOzdbcVBPy4v06MjUh%2F%2FvoFzB6AKcPwNUzoMVLoOUoCX3QtVHU8rGZ7lNR6Hxx7ebNem4gTIUsX0C%2B4W3rY%2FL87ICNG79D8sPzn7DLkz%2Fu%2FQVuK2S2wqfqIUFX3xldMyXZuWZKR75fzXLVU5t0etzrOc3l6a%2FfkxulseLSRTe89xafEtNx%2F33p8hWaCpV2HfnmghJC2mVjuST3L7kbkl0t3NqFwqZFtnL17eVLvcxK55RJx6BqQsijQ3A1IWd%2B2J292xc%2B%2FwzKjmGLCr3ikJwUlDkAz7bgsrl%2FZ07D6rmGZR7KohrZkM1%2FakWg5RxTVsH9C7P5vO3uoGtfBs1vI%2B1V6NsKfV2B6iFccXqUZ%2Fbw%2FM%2BNWYFpb8S09XaYtvrLp%2BE6dVRLGg2fxu1mkCRUJiwKW504EJSGURzGMW0gdxP%2B5le%2F%2FQ0AAP%2F%2FAQAA%2F%2F9FcRD%2FggQAAA%3D%3D
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scVRd9lQx8gW%2Bjko2i0gsXCk5PVXV1VbcBgzGOBCeZkChxI%2Fp%2Bdc9zXtervFfV1TMLGRKULNuF%2B5rTMxmigyi4TZCeQBYDQtrVgA7%2BCYqQlQvpzmDrheLeU%2Bcszj33fbFdHBMfBT26eNlsKq3pUrPu1179MAjO1VZUWgxqg1b8cRydq9n%2BG%2B247r9We1fydbMU%2BoHvB35QW1ZWdsxgaUpCZfvtoN7261FYD5oRBva%2F2BUeHPUg%2BsfkOSgxWXjonYXiY6S97y5Kt56b7PV3eoWmubHoi70P0vXUlCl687FjPXTSvRM1jHu8%2FAAm3Z3Zhen%2FI2RqQrxHD8DSvROTYP2dmU%2BmIVMw8X%2BU%2FTGkHkPRMbi5DSUeE4ALXFlF2rt7xdiSbjxl6ZSdkIUnf0KVE7Lw61mkvW8vaDWoXTe6yJVJHQadCmowhuqOkRUHyDdPQZUH4PktKPETWXqygrS3s%2Bq0gRJHr3Rk1OaCxothIuliFLZbi4yL5mJTBkkzobLTCtksIKXGUJ0xtByCOg%2FF9FMeio6HIvPQE0c1HgRB4gtO%2FVab84ZIJIuFH9CkE9DAj1so%2BHSHIfJsCK6H4HYLmd3CuhrCFj%2FCrVVwwoPLCfqiQikJSkdQUoJSEZQ5QdmvdoV2oavuCu0KFpz08KQ3qpHJu9t01%2BRdmZLt7Jg8Ow3OO3NrH%2BvyqEZj5rNWO2yKNmvQKGhG3G80eRixSIp2IuFUBeVOzdbcVBPy4v06MjUh%2F%2FvoFzB6AKcPwNUzoMVLoOUoCX3QtVHU8rGZ7lNR6Hxx7ebNem4gTIUsX0C%2B4W3rY%2FL87ICNG79D8sPzn7DLkz%2Fu%2FQVuK2S2wqfqIUFX3xldMyXZuWZKR75fzXLVU5t0etzrOc3l6a%2FfkxulseLSRTe89xafEtNx%2F33p8hWaCpV2HfnmghJC2mVjuST3L7kbkl0t3NqFwqZFtnL17eVLvcxK55RJx6BqQsijQ3A1IWd%2B2J292xc%2B%2FwzKjmGLCr3ikJwUlDkAz7bgsrl%2FZ07D6rmGZR7KohrZkM1%2FakWg5RxTVsH9C7P5vO3uoGtfBs1vI%2B1V6NsKfV2B6iFccXqUZ%2Fbw%2FM%2BNWYFpb8S09XaYtvrLp%2BE6dVRLGg2fxu1mkCRUJiwKW504EJSGURzGMW0gdxP%2B5le%2F%2FQ0AAP%2F%2FAQAA%2F%2F9FcRD%2FggQAAA%3D%3D HTTP/1.1
Host: seatsrehearseinitial.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=fe49cda6-27ea-4298-bcd5-5e1757aef82b:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 510978e13c8bd097239c6bc38d32cd89
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 6dd2ee0a876c107474e076f8ae20478b
aebbc15b368f7a2548ac0830b2d48ad9997e26ad
21a64c03287a69edb25e834922bd87ea90d6ac212f5c2d7a5ddfc653cce2a349
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 16:42:41 GMT
Expires: Tue, 11 Oct 2022 16:42:40 GMT
Etag: "aebbc15b368f7a2548ac0830b2d48ad9997e26ad"
Cache-Control: max-age=459974,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d20609cc3b4fa-OSL
click-v4.junmediadirect1.com/click?i=Rtj9tBmuVzs_0
198.134.116.17302 Found 0 B URL HTTP/1.1 click-v4.junmediadirect1.com/click?i=Rtj9tBmuVzs_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=Rtj9tBmuVzs_0 HTTP/1.1
Host: click-v4.junmediadirect1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Set-Cookie: x3328587=1513662782; Domain=.expmdiadi.com
Location: https://filter.explorads.com/filter?q=dolly&i=JwCVq6Y0n10_0&ci=5389431221754927468&t=2093000793&h=11
Pragma: no-cache
xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=389295&auth=ANAKRj&pubid=150077 HTTP/1.1
Host: xml.revrtb.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.revrtb.com/
notifyoutspoken.com/pixel/purst?dl=0&th=0&sc=0&rs=2377&rd=2377&fd=879&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 notifyoutspoken.com/pixel/purst?dl=0&th=0&sc=0&rs=2377&rd=2377&fd=879&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2377&rd=2377&fd=879&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FWTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A1010956966%3Az%3A0%3Ai%3A20221006084625%3Aet%3A1665045986%3Arn%3A771604107%3Arqn%3A4%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C130%2C1%2C%2C%2C%2C3071%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045986%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FWTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A1010956966%3Az%3A0%3Ai%3A20221006084625%3Aet%3A1665045986%3Arn%3A771604107%3Arqn%3A4%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C130%2C1%2C%2C%2C%2C3071%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045986%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash bc6da7f11178903ded8611cd8fcdd5de
d06f57327ce065379175759a7a070182cafff07d
3fc905ceea6ac0e91ce7842179b999dc314bb7147fc7d0cd5c15ac419284e1c1
GET /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FWTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A1010956966%3Az%3A0%3Ai%3A20221006084625%3Aet%3A1665045986%3Arn%3A771604107%3Arqn%3A4%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C130%2C1%2C%2C%2C%2C3071%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045986%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:25 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:25 GMT
last-modified: Thu, 06-Oct-2022 08:46:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 2.0 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash ab0b69ecc457884953c27bd662d24ac9
2a0567e51c3d47adc896d9a90dad918a8a8f9edb
ae35911037bbc5b9350dc97ea5cd8cee73b221d2d7e9835f2da554704ff53297
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:39:01 GMT
ETag: "461bb6c1caf3311f193cb3d594e21492f32f81f5"
Last-Modified: Thu, 06 Oct 2022 06:39:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2110
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d20645f36b4f3-OSL
www.revrtb.com/
104.21.44.209200 OK 4.4 kB IP 104.21.44.209:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (302)
Hash a51e8eed910fd61162dcd8e3eaba0378
5766f18f4ed1679f534871aae1232cc7def8fb68
3a2f032c4668450d337a38bc8f089013fd81443cf90d15502161b71c69434add
GET / HTTP/1.1
Host: www.revrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:25 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BNQtgq17kN5a1IhF2Yr2kLHIvEDBBcNWTB9EnhPGpcyNuMepXcRq6BnOdADVirdoN4XrPs%2Fnn16iBl%2ByGS0pfpajEnhSLnkLDx614HK7DFMkHR1TguOkyVr5Ml5LDpIweQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20638cc40af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
j4ts2dv6exjs.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 j4ts2dv6exjs.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: j4ts2dv6exjs.s4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:25 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 7e5272e48f101bbd6e6761bc2cf93af1
94a5bf3ab80ebb0c7803855098f257bd6d83c771
96eff1bebdfbca239ac918290229f0f93b72aa3d6b8ac03dd63500a384206896
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 23:22:15 GMT
Expires: Sun, 09 Oct 2022 23:22:14 GMT
Etag: "94a5bf3ab80ebb0c7803855098f257bd6d83c771"
Cache-Control: max-age=311147,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d2064faabb4f7-OSL
filter.explorads.com/filter?q=dolly&i=JwCVq6Y0n10_0&ci=5389431221754927468&t=2093000793&h=11
198.134.116.30200 OK 5.4 kB URL HTTP/1.1 filter.explorads.com/filter?q=dolly&i=JwCVq6Y0n10_0&ci=5389431221754927468&t=2093000793&h=11
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (534)
Hash e186032cac05c0a4a441caed717a84a5
d4f8f78680852fcfe4dab8c8db9e63b215fad152
53fe154ca3d137901e4041dd883d01a35172d3fd367b78be8841135283354103
GET /filter?q=dolly&i=JwCVq6Y0n10_0&ci=5389431221754927468&t=2093000793&h=11 HTTP/1.1
Host: filter.explorads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5385
Connection: keep-alive
Cache-Control: no-store
Age: 0
Set-Cookie: c-398672133=-1513662782
x3328587=1513662782; Domain=.explorads.com
Pragma: no-cache
woodbeesdainty.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.20200 OK 29 kB URL HTTP/1.1 woodbeesdainty.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 4234235782e61a420d503b4ff9bccd15
efb800449f434c173ab883da10755691b444c657
ab2a1c1ef62d56b84bbebf3cd41d1fa7ffdf6e91d171f4b2b813b10d61d9b579
Analyzer Verdict Alert quad9 Sinkholed
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58c3a6e44b8dbaa238281f19cf48d05c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
174.137.133.18302 Found 0 B URL HTTP/1.1 xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=453690&auth=51bnE2&pubid=150133 HTTP/1.1
Host: xml.popmonetizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://news24.media/?s&country=no
Pragma: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4bd610954d1cad0675c2010a63e9c018
bd7e8708e02d74c5d7534a48221c9314530917f6
3b51bf349c5fc0841b5ee253093aa1dfabb8271f84bbb0eee07836dec331c1cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B51BF349C5FC0841B5EE253093AA1DFABB8271F84BBB0EEE07836DEC331C1CD"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3563
Expires: Thu, 06 Oct 2022 09:45:49 GMT
Date: Thu, 06 Oct 2022 08:46:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4bd610954d1cad0675c2010a63e9c018
bd7e8708e02d74c5d7534a48221c9314530917f6
3b51bf349c5fc0841b5ee253093aa1dfabb8271f84bbb0eee07836dec331c1cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B51BF349C5FC0841B5EE253093AA1DFABB8271F84BBB0EEE07836DEC331C1CD"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3563
Expires: Thu, 06 Oct 2022 09:45:49 GMT
Date: Thu, 06 Oct 2022 08:46:26 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 42fca9b641d006ec53362c0d9db20c79
3275b162e70c80ca39fb3016d899bf393f12177c
d64c30c52c0aefc513cc503aa1a4ec001a4b865a3844f1c557a8c0e298842092
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 05:55:58 GMT
ETag: "3275b162e70c80ca39fb3016d899bf393f12177c"
Last-Modified: Thu, 06 Oct 2022 05:55:59 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2977
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2067eb3fb4f3-OSL
notifyoutspoken.com/pixel/purst?dl=0&th=0&sc=0&rs=4035&rd=4035&fd=850&bv=22.8.v.2&tmpl=136
192.243.59.13200 OK 0 B URL HTTP/1.1 notifyoutspoken.com/pixel/purst?dl=0&th=0&sc=0&rs=4035&rd=4035&fd=850&bv=22.8.v.2&tmpl=136
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4035&rd=4035&fd=850&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: notifyoutspoken.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 07c1e58ca21c8d1334818dc987f9ad28
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69f6f2af550879b3b122cab451f3ea32
Strict-Transport-Security: max-age=0; includeSubdomains
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.61.225200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32129), with no line terminators
Hash 91ffdb662616c1a006d1cc718c8ac7b9
48def1aa92c9afe4b75c0a7b3b12e8adfa7121e3
713049589194c67a2a4e7e70a8ed0936919f37ff9835ae018ab2e391bd594578
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 318146bb26f226cd37afa801c06f84e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
click-v4.expmdiadi.com/click2?i=JwCVq6Y0n10_0&ci=5389431221754927468&j=rv%3Db%26ss%3D1280x1024%26ws%3D1920x1080%26wp%3D0x0%26ce%3D0%26ck%3Djc%26cv%3D1459%26cs%3D0%26fr%3D1%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D1%26rf%3D%26lo%3Dfilter.explorads.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%29%2BGecko%252F20100101%2BFirefox%252F96.0%26nd%3D2%26to%3Dnull
198.134.116.17302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click2?i=JwCVq6Y0n10_0&ci=5389431221754927468&j=rv%3Db%26ss%3D1280x1024%26ws%3D1920x1080%26wp%3D0x0%26ce%3D0%26ck%3Djc%26cv%3D1459%26cs%3D0%26fr%3D1%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D1%26rf%3D%26lo%3Dfilter.explorads.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%29%2BGecko%252F20100101%2BFirefox%252F96.0%26nd%3D2%26to%3Dnull
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click2?i=JwCVq6Y0n10_0&ci=5389431221754927468&j=rv%3Db%26ss%3D1280x1024%26ws%3D1920x1080%26wp%3D0x0%26ce%3D0%26ck%3Djc%26cv%3D1459%26cs%3D0%26fr%3D1%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D1%26rf%3D%26lo%3Dfilter.explorads.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28X11%253B%2BLinux%2Bx86_64%253B%2Brv%253A96.0%29%2BGecko%252F20100101%2BFirefox%252F96.0%26nd%3D2%26to%3Dnull HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://filter.explorads.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://t4.goldensevenseas.net/l.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&s=459974_472160&pid=JwCVq6Y0n10_0
Pragma: no-cache
news24.media/?s&country=no
104.21.87.38307 Temporary Redirect 2.1 kB URL HTTP/2 news24.media/?s&country=no
IP 104.21.87.38:0
Hash 85152603384fb03bd67e96856b1a9549
78dc1edcc83c42d9b1753886ccaae6a2707fce9e
510bbd206f7c714f92b2bb136e691d4d4739163643f79681a65147deea8f1272
GET /?s&country=no HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: text/html
location: https://news24.media/?country=no&s&__r=1.4dc364d74f41c6a33256ea086946f8a1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SChMuuW9WPAaYQH3Wd5ivddNibkezIQHeY8uafruMtJEDqitEbLdbiGFeNGErhgFJCBO%2B%2BU08e3famIAfw6w8ydMjcb4AC7HD2hLUJDgabniTlU90%2Bl48%2B9WpG4dhWM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20676bc40b51-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js
104.21.32.174200 OK 71 kB URL HTTP/2 ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js
IP 104.21.32.174:0
File type ASCII text, with very long lines (65371)
Hash b09e8372268b941e77261705e612ee6b
5fe674771248269350a1a97f0f86a246a5217655
4019b9ef0a570a83e35fa93af7aa7b575ce16a13484a817c77a6a6044b1a9f92
GET /p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: ajfnee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://news24.media
e-tag: e01998f93cb3ba2384f64a5b5090ac47
cache-control: max-age=14400
cf-cache-status: HIT
age: 7027
last-modified: Thu, 06 Oct 2022 06:49:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2F0wV4gGyjIQ9fOSNKQY5pK0MyWTEMjbvcb9w3fzl02ZIpU1%2F6tdpsZf16ytuN973Xzq2vKNWZUpT1hSvntKJ1P7qfFHd2EISd0VKGp0SFxLpMnpvbc2Msr2iKtP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2069af1d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17200 OK 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aa57afff10f5f2fae269852c025c82cf
5b4bebae8a171ff3b37d319ee94eaf6e6245efea
f0566da870e39ec64855d7c72c3e12810c46263e1c48c0bb393930c77dbbcc90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0566DA870E39EC64855D7C72C3E12810C46263E1C48C0BB393930C77DBBCC90"
Last-Modified: Wed, 05 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13887
Expires: Thu, 06 Oct 2022 12:37:54 GMT
Date: Thu, 06 Oct 2022 08:46:27 GMT
Connection: keep-alive
xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=389295&auth=ANAKRj&pubid=150077 HTTP/1.1
Host: xml.revrtb.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:26 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.revrtb.com/
testingmetriksbre.ru/netu.php
104.26.1.119200 OK 11 kB URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.1.119:0
File type ASCII text, with very long lines (32068)
Hash bd0966c5d6a3e7596253b73edb61d486
97f511cf409677e0642f4652b1fe0ea8739e3a55
e0f41bbce3966419e03603ce716760a48086e9daef5f2c273c0c2280a8d8d1f9
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rmDTGiJmRk2UA9jIfgAgvGWxiG6QccCzUGdO0XV5DS1GarMuBkVmUEiO60IvZ8JZQm%2FTQmkgix8VbtjVMun%2BtO3XiHuItro6EzuCTU4xsgyHxqpKR7g7ewIvevK0uLKh2kasxk0T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2067decf0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:36:49 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 207422639
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=83000255
190.115.19.71200 OK 30 kB URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=83000255
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash e5677b098da6ae865ef9a52f5a2f9c3e
9a014693ffcff12ffe1613732f22cce12657679b
b46477eb758b95f1bfda37844efdcd5e637a079b41f8b2ff2f9cd98b4aee300b
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=83000255 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=hLEgDVwnKTh1nxDbJgnb; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:26 GMT
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
woodbeesdainty.com/pixel/purst?dl=0&th=0&sc=0&rs=4701&rd=4701&fd=237&bv=22.8.v.2&tmpl=136
192.243.59.20200 OK 294 B URL HTTP/1.1 woodbeesdainty.com/pixel/purst?dl=0&th=0&sc=0&rs=4701&rd=4701&fd=237&bv=22.8.v.2&tmpl=136
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 038f738e0e0d31c62789ba53006041f6
440ec4b858992a7fcae83a063b2ba03c31c9a424
6f731759b3b3cde4307686c54f4bdc3412ce4b65b8129764dba8a1755096a1dd
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=4701&rd=4701&fd=237&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: woodbeesdainty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 06 Oct 2022 08:46:27 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.14200 OK 843 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
Hash 81ff3d1a94897b4dd3d4e566eaa5ddf5
b664fc004bb6a95908f5784d92120041bd686783
79257f8e0a765cd91f5f417343d80a33f6dffe0bf468e09f7a37b1d358d148c1
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
www.good-trading.com/index.php?good-n
104.21.27.74200 OK 16 kB URL HTTP/2 www.good-trading.com/index.php?good-n
IP 104.21.27.74:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2103), with CRLF line terminators
Hash 5e7313520d4632118eb5e5f843e58688
00ed1a69eb1ef2544a2bcd7cfa1f59c4f16c218e
a3d497e0b5b407649164d4c444c9045bc4054f6a23290a010bc644f6b4170f3e
Analyzer Verdict Alert fortinet Phishing
GET /index.php?good-n HTTP/1.1
Host: www.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3
expires: Sun, 01 Jan 2014 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
referrer-policy: origin
set-cookie: goodtrading=1; expires=Fri, 07-Oct-2022 08:46:26 GMT; Max-Age=86400; path=/; domain=.good-trading.com; secure; SameSite=None
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6E2VP0QAXKN7Aa4ZZwRjhjhWePFwtzF8wh8nyz%2FtKLfb3D07vXRlnkix5GH%2FdTDg%2BqXaXbzDZNzlxix9PnsRIR9RURtuK68BC%2Bef1Y3goKINHNbyHTUQTv7RzPb9pjXs1cAEoM3kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20698e7fb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 862 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9f240b145645515de628bd5835e84871
5c077b6889b1e09b2627b6814e9267f2348423f2
33b7060cdc13fa96adcb617ba06342d64d041ac8c41db394deca5c9de188c485
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "585D29B8C316EDBC624934B88AF9C273A815C89A7BFCA014175FC9BCB991A2A2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5884
Expires: Thu, 06 Oct 2022 10:24:31 GMT
Date: Thu, 06 Oct 2022 08:46:27 GMT
Connection: keep-alive
s4.histats.com/stats/0.php?4580204&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fpopxperts.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:86853994&@b3:1665045987&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnews24.media%2F%3Fcountry%3Dno%26s&@w
192.99.8.34200 OK 53 B URL HTTP/1.1 s4.histats.com/stats/0.php?4580204&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fpopxperts.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:86853994&@b3:1665045987&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnews24.media%2F%3Fcountry%3Dno%26s&@w
IP 192.99.8.34:0
File type ASCII text, with no line terminators
Hash 519fa9d401ef314bf6bc97e6e94c57c6
fd90317e3474c618b001e3ede31a8722627e3d38
e47f6430a3a73d858dedd37d9d848e71ecebbae42104e59b68fca3fd304212a0
GET /stats/0.php?4580204&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fpopxperts.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:86853994&@b3:1665045987&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fnews24.media%2F%3Fcountry%3Dno%26s&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:27 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 53
Connection: close
popxperts.com/w3ar3w1n
172.67.145.76200 OK 45 kB IP 172.67.145.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 53c28755af5de9a256d574e449a20378
f73d97744318c4b813c92c12777a8a33561a213e
ca403bb7068a9a7d5fcc7fbeb0ea529a9b84be34e52b8e53e6f34d384f9585eb
GET /w3ar3w1n HTTP/1.1
Host: popxperts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fqa%2Bv3Jp3BpDcSuoBm1yuqKF4p3JSMDssotMYoBtjl0UJjAPWVsG2t2KyASLlYF0Amveuvum1JOePT5amN2ybuJhe1RK6HO2pyqMvY3vqfAJ%2BAwHrHlb6rVQ23%2FswYO%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d205a9fd71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 341072f5b69fb6aec42cf44a15c37727
2c72a34417ae0b96fce8b0878c7c2b398ba83a77
ab9f704a06f85c18d59fb825a975ab770e01eeaa2a83559d4e5d6916bd2bba41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB9F704A06F85C18D59FB825A975AB770E01EEAA2A83559D4E5D6916BD2BBA41"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17072
Expires: Thu, 06 Oct 2022 13:30:59 GMT
Date: Thu, 06 Oct 2022 08:46:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 341072f5b69fb6aec42cf44a15c37727
2c72a34417ae0b96fce8b0878c7c2b398ba83a77
ab9f704a06f85c18d59fb825a975ab770e01eeaa2a83559d4e5d6916bd2bba41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB9F704A06F85C18D59FB825A975AB770E01EEAA2A83559D4E5D6916BD2BBA41"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17072
Expires: Thu, 06 Oct 2022 13:30:59 GMT
Date: Thu, 06 Oct 2022 08:46:27 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 82604e4e5c75a2a61c78d2309118b616
fafc0350fe411524623d76a5fe80a200490ac000
51393b5a0219061fbd30eebd42eaff0a3b56c4f8701f4d81a087839d55fe0036
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 15:12:53 GMT
Expires: Wed, 12 Oct 2022 15:12:52 GMT
Etag: "fafc0350fe411524623d76a5fe80a200490ac000"
Cache-Control: max-age=540983,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755d2071bff7b4fa-OSL
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.247200 OK 2.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1550)
Hash 8e7441a291718d348dc8f28e16323680
a547e31eec9c4fc514c51970d686f0fd30f4313e
f301933a983fc5e37986281a6f15b79cac65bb6d3f48f33505c0a69f00609ad1
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633e95e42d07b7.280027871658391749%22%3B%7D; expires=Sat, 05 Oct 2024 08:46:28 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C75947208%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cgood-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Fri, 07 Oct 2022 08:46:28 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 65be3de8ae5da71c57160f7a0a8d8fef
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f0f93ca3f8c4bc1811b877d8a739a3b2
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ffc46e54875bf9ecc5dc8b3ce5ccbd46
26a66b019ff463c29d44c83e6dfb7979e1a419af
fdbbd8b58dce8cc10f91e815436706c828808732585b3640e9cce27ed579cd92
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FDBBD8B58DCE8CC10F91E815436706C828808732585B3640E9CCE27ED579CD92"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13024
Expires: Thu, 06 Oct 2022 12:23:32 GMT
Date: Thu, 06 Oct 2022 08:46:28 GMT
Connection: keep-alive
api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a2191&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=5
104.21.2.232200 OK 0 B URL HTTP/2 api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a2191&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=5
IP 104.21.2.232:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a2191&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=5 HTTP/1.1
Host: api.codetabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-length: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQWuFo5Rxizw6GVSJ5bZNS5WcrTOQpD2FKx8I7h7YH2WaIGPOeNrF3OQBiYrrwAdBRWFhOQd8o9QNBoxm%2FO8oyLicvnmq%2FFn%2FTJNFwCFyTvY4cgXf2fyvWVEyfZPfgsqGLkf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071dcad0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
redirect3.online/flurryad.html
104.21.39.111200 OK 1.6 kB URL HTTP/2 redirect3.online/flurryad.html
IP 104.21.39.111:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 740c4957212ec936d4738a41edf62e1c
5c99741f1a0dfe69ab34e9433eb284b792105673
a9ddd90f0eb5719c9962f96a61913d3cd745ed58e8d3b695399097c36e05f283
GET /flurryad.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2252
last-modified: Thu, 06 Oct 2022 08:08:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2FaNEK65%2FwEd%2B47X37bb55iOABpsUelKuMLqhiZKS6ncTCBWA7y812BMH%2BxujQYh4hnL%2BgqIOqwp%2BxXfCtbv64pp0Mtc3jcs%2Fl%2BSXDgR%2BLCQmBATC3k3CPReoDMQHO1Dlkrj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071ca95b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/js/video.counters.2.js?117
190.115.19.71200 OK 484 B URL HTTP/2 hqq.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash c2c1cc7ec47758ab1257a45b16234b61
1012db47f0faa9ef9eea3e8b4621ba85452b9a9c
1f1c31f6cbc8fbf20bbe8f68cd49f7fe1bd504abb901d834ab53e52487080eb9
GET /js/video.counters.2.js?117 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=JjWA6fuAlsDhtiI4qdpO; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:28 GMT
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
counter.yadro.ru/hit?rhttps%3A//culoscolegiales.blogspot.com/;s1280*1024*24;uhttps%3A//hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09;0.8408530915375309
88.212.202.52200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit?rhttps%3A//culoscolegiales.blogspot.com/;s1280*1024*24;uhttps%3A//hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09;0.8408530915375309
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?rhttps%3A//culoscolegiales.blogspot.com/;s1280*1024*24;uhttps%3A//hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09;0.8408530915375309 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Tue, 05 Oct 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1638&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=58
104.21.2.232200 OK 0 B URL HTTP/2 api.codetabs.com/v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1638&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=58
IP 104.21.2.232:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/proxy/?quest=http://audience.xml.ppcmate.com/?pubid=746528&subid=time&feedid=a1638&req=bitcoin&useragent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0&ip=91.90.42.154&ref=https://www.bitcoin.com&num=10&iab_category=58 HTTP/1.1
Host: api.codetabs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-length: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L1Sl9sUkl3cZHLiGD%2BnOVZV%2BfocqrQHSRQ%2FBwxIZ9RdHSkm1UNfl64WCMoebbaFhMCgQLw7bzcmWVEu%2FstcJaVnsSS%2BVi%2BgTkJqgB%2B7EScVctudU2a9CjiMyoMPiMUYMO0U7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071dcac0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=59380444
190.115.19.71200 OK 44 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=59380444
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 4872e7b72f3063ac1a0e58e211490071
bfdb9e1471d7265abe765cddf04150c9f908d5fa
a3975e3bc164812565b44b5c9bb6eb37eaacf3ff33d02a131aa39902e715a686
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=59380444 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/cE53anNaYVJxVFlNNG5JK25ZNjhsdz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=TKhr8Otiq1zvKpnkhqFI; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:27 GMT
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 1b349fbd86ee5f0dc26e0dbeb8f1c673
6fbdd8d8ab0e09c4290423b636dbbbbbfe5628ab
d1ee2e7056518523a683ebb0012923daac69ae77ec7b0a10c045118d9128bd57
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:24:15 GMT
ETag: "6fbdd8d8ab0e09c4290423b636dbbbbbfe5628ab"
Last-Modified: Thu, 06 Oct 2022 06:24:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2074bb41b4f3-OSL
xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com
198.134.116.18200 OK 3.9 kB URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash 6d06e72311db08211a412259d2cb0aa7
af1577de38216d7cf999e8e90c16d066e68bb751
fa67e093153df062b75bfa88495f0b1ac8592d3c7000bde0d5f6b311a7c72cd8
GET /redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
mc.yandex.ru/watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 5b86dbb4544bc55149d6ed31982a6f46
f5f548104d22780e847c2da68a2c0f063a044df6
11d380436246a9538ab3a56fe7e611f383b963623a9f6fb4c8e2bb244e4bdc13
GET /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:28 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:28 GMT
last-modified: Thu, 06-Oct-2022 08:46:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
thenetwork18.net/direct.php
172.67.191.234200 OK 1.6 kB URL HTTP/2 thenetwork18.net/direct.php
IP 172.67.191.234:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0746200bcaeda2241dd71aee25e85035
fecfbec5a477aa2b724f20870d1fdf8dc3e7cd64
4e2482cc32c02f2ae8c03bd36a6a1ebe542fe4ae34879991ac0e9921f661ccf8
GET /direct.php HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3
referrer-policy: no-referrer
vary: Accept-Encoding
x-iplb-request-id: A29EDEF0:C614_D5BA2113:0050_633E95E3_821C:A744
x-iplb-instance: 30850
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puUPiN8ui%2FwAyL9FBpeJuruCn2Tl2j3Rna6vQCzcWJj4OoydbVeBDNd9B7cxoUiURwddmcVopkZIv8BD8wrsosYGokB3JyHjbXLzJvRJWP46yOpKusrzPlkUfVYVrbwvr8ZB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20704e06fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Length: 0
Connection: keep-alive
Location: http://mediacpm.pl/v.php?user=13428
click.mediacpc.com/redirect?feed=441599&auth=8VxsIi&subid=mediaadult&query=adult&url=mediaadult.com
174.137.133.18200 OK 0 B URL HTTP/1.1 click.mediacpc.com/redirect?feed=441599&auth=8VxsIi&subid=mediaadult&query=adult&url=mediaadult.com
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441599&auth=8VxsIi&subid=mediaadult&query=adult&url=mediaadult.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.ctrtraffic.com/redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com
198.134.116.18200 OK 0 B URL HTTP/1.1 xml.ctrtraffic.com/redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com
IP 198.134.116.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441587&auth=S50kJu&subid=popm&query=popm&url=popm.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
mc.yandex.ru/watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 311c8b2dd6b0f15e2eaf7bab8515df00
c61229dd25799309095bb1f23bed0d9495c9a143
b7e10797c05856a7426136f6a2b75e5c137f33fd6d139435a7bf835f218177dc
GET /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Thu, 06 Oct 2022 08:46:28 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:28 GMT
last-modified: Thu, 06-Oct-2022 08:46:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
q.xmlrtb.com/r?fid=k2mHN2AHw88
172.64.101.31302 Found 1.4 kB URL HTTP/2 q.xmlrtb.com/r?fid=k2mHN2AHw88
IP 172.64.101.31:0
Hash 4f31bee39533cd3bd967a2e6604be335
200f52198af7786970917d1177652083e75ce8e2
539fd17dba84e57780ea77f12d0fb1149f20b78b1d85d943a71a4a3b205bac9d
GET /r?fid=k2mHN2AHw88 HTTP/1.1
Host: q.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:24 GMT
location: https://popxperts.com/w3ar3w1n
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AwZnFJxFY8wqZt94OSoISwo%2B49qG9%2BLpA975odkOqsQmatmg8CGCCirlCiSvT3ZQRx401rWkQ1qJ0siI7jVOOGhen7GpMhwHYlZOE19c%2BLHb9i0KKFABNdrjO2InL5I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2058999d75e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitym.html?1
188.114.96.1200 OK 684 B URL HTTP/2 www.ad-good.com/infinitym.html?1
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e5f2723e939b1afacb6d5f4289fc99e6
d870fff923b38d2db8937a7014ce5266c9c21bec
b3622bc5bbb45f2af43f5e9f352054d0f393e811ed2f54a56f36b6ac3bed4a82
GET /infinitym.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 693
last-modified: Thu, 06 Oct 2022 08:34:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tu2n9rktvIjz1EapVZkMhdw4kKAPAHtf5YDPbecJD%2FswNPu4EOUiXzw3mx7oniTvjliiJZExxLOqP1fLtOQpNdiJMlhGPjVX9e%2F7SkrZNpbO2LlERR8G7eATw3rWKi4mJKs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071fa36fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 4f31bee39533cd3bd967a2e6604be335
200f52198af7786970917d1177652083e75ce8e2
539fd17dba84e57780ea77f12d0fb1149f20b78b1d85d943a71a4a3b205bac9d
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:15:05 GMT
ETag: "200f52198af7786970917d1177652083e75ce8e2"
Last-Modified: Thu, 06 Oct 2022 06:15:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d20765d89b4f3-OSL
click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
174.137.133.18302 Found 0 B URL HTTP/1.1 click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=75615&cat=25&sub_id=88
Pragma: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e7285bc2e0bbbd74b112442ad8fc9400
f46e2e9d7d9c8769d8506e41444a47c5f9e6694d
f56b336d377249fb7cc5476b5538f335029343cad0471b101c50aeca8768dbe7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F56B336D377249FB7CC5476B5538F335029343CAD0471B101C50AECA8768DBE7"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7071
Expires: Thu, 06 Oct 2022 10:44:19 GMT
Date: Thu, 06 Oct 2022 08:46:28 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash c602121b6735a463b82c3385861bc48b
570fa365c884a3db01d6b5cfacfd71c274727a10
8e888170113748cefa31d5df5cfc95dc9e1901153646d546406f87e2566b185c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:06:40 GMT
ETag: "570fa365c884a3db01d6b5cfacfd71c274727a10"
Last-Modified: Thu, 06 Oct 2022 06:06:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3284
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2076bf1e0b06-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash c602121b6735a463b82c3385861bc48b
570fa365c884a3db01d6b5cfacfd71c274727a10
8e888170113748cefa31d5df5cfc95dc9e1901153646d546406f87e2566b185c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:06:40 GMT
ETag: "570fa365c884a3db01d6b5cfacfd71c274727a10"
Last-Modified: Thu, 06 Oct 2022 06:06:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3284
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2076ddf9b4f3-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1de5f6b346b2d10028942b8e322cca4
93cf9e2544479a0b8e7295787e51ccb6031c1a0a
a088d4ca9238a4e6c3bc414b1fc1e47ea4d36d3b916db1035f89e14f11aec860
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A088D4CA9238A4E6C3BC414B1FC1E47EA4D36D3B916DB1035F89E14F11AEC860"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13290
Expires: Thu, 06 Oct 2022 12:27:58 GMT
Date: Thu, 06 Oct 2022 08:46:28 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 6897d7a5f4763978f4db3c1210c0d576
25a8da7df33f18428b71cb4c37b9f24ba64cabf7
110528567ccab0a68ff954c89750544e87b74f1dd4c10a4ec54962021e3ded93
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:28 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 06:11:25 GMT
ETag: "25a8da7df33f18428b71cb4c37b9f24ba64cabf7"
Last-Modified: Thu, 06 Oct 2022 06:11:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2076df310b06-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f414ecd6f8f7f0842dd708ea43c9530
db30b086aa0fa11c03504c77e6b43f129116b008
c97b4e37426f2406b917f3452c620eb85d09d4ec96a7a4532d126dfbe81e13bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C97B4E37426F2406B917F3452C620EB85D09D4EC96A7A4532D126DFBE81E13BC"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10446
Expires: Thu, 06 Oct 2022 11:40:34 GMT
Date: Thu, 06 Oct 2022 08:46:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c1de5316dad6f567e62b0ca14d25252
d6be9ce37ab137e81bc841fef10cd7bcab878ef6
b1b2341ae33d49eb5e67a4b1c0d8f1576dc8310f49aca1b02d4f92b8ce33c2e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B1B2341AE33D49EB5E67A4B1C0D8F1576DC8310F49ACA1B02D4F92B8CE33C2E3"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10648
Expires: Thu, 06 Oct 2022 11:43:56 GMT
Date: Thu, 06 Oct 2022 08:46:28 GMT
Connection: keep-alive
cdn.tubecorp.com/vs/vs.js
45.133.44.24200 OK 16 kB URL HTTP/2 cdn.tubecorp.com/vs/vs.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash cdb73de1432cce4265f701ec50951844
3f1a961903cab258b31373dc25cb81daca6a3ea3
57e4007e189ef8b681b9286ffed0d40e76e9c3d385ecb8d1c712f1887c15bc5b
GET /vs/vs.js HTTP/1.1
Host: cdn.tubecorp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.20.1
last-modified: Fri, 26 Feb 2021 08:59:15 GMT
etag: W/"6038b863-b46b"
cache-control: max-age=3600
x-request-id: e07a8c5e4f2b0b8b4d0d7fdeb26353fa
content-encoding: gzip
expires: Thu, 06 Oct 2022 09:46:27 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
173.239.53.18200 OK 0 B URL HTTP/1.1 xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
ctrtraffic.me/follow.html
104.21.85.229200 OK 11 kB URL HTTP/2 ctrtraffic.me/follow.html
IP 104.21.85.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f2acc5a9ebc3b0488231bb4e062c9846
9859780f72c5fb7e189fe1ec43b4dc78ac93aed6
5656ef0f49368fe6eb905c2ecef37870264599b542aa11d3df7883cd6600ae58
GET /follow.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 6691
last-modified: Thu, 06 Oct 2022 06:54:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQft3LE0ryTn2G4eS7kNsqKn1Vc%2FSafb%2FKj%2BT9fdGRXdo1ENT8WAGPmg%2FfrI0uP3oIuIexca9HHqteYx1ZvB%2Fv%2BNad%2Fg7Dtu47pmNo3D3u07E%2FyD4MVD3fTo6fquNS3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2070a8c6b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a07bc5ea8c6c51e8855cd3a8b921ab04
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
192.243.59.12200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=c5d4e1be-b68b-474d-b977-bb38db1f4529&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=8 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa8498b61cc17d8e6fc607769c23b2aa
Strict-Transport-Security: max-age=0; includeSubdomains
xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com
173.239.53.17200 OK 0 B URL HTTP/1.1 xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
votreimc.com/purem.html
172.64.101.38200 OK 34 kB IP 172.64.101.38:0
File type ASCII text, with very long lines (32072)
Hash c7af82599697f2c6a5e8be6a2c7880e7
f07caa2bf670502aebf2612c4f6b6ee1ef68b879
2dc0f69d7aef90269cf2f85b80e1a830c7b5b0a3c9d83e0e1270d676f1f6878b
GET /purem.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5591
last-modified: Thu, 06 Oct 2022 07:13:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6x1s8D9OzLT52YK8SOffVlhROLvVlCckQ5cNaS4fggrlYus6nF4ezxKSPf1ZN3NBM76aGd6xaWXfivR4xyr16QrI%2BL%2BAft9blZGTzEXkO6VCFOfrTO%2BKCTZFL6oANk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071daf64071-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.zaimads.com/redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=449093&auth=hakPcP&subid=zaimads&query=stream&url=zaimads.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=77735&cat=25&sub_id=88
Pragma: no-cache
xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Location: https://mediacpm.pl/v.php?user=13428
xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
174.137.133.18302 Found 0 B URL HTTP/1.1 xml.popmonetizer.com/redirect?feed=453690&auth=51bnE2&pubid=150133
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=453690&auth=51bnE2&pubid=150133 HTTP/1.1
Host: xml.popmonetizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://news24.media/?s&country=no
Pragma: no-cache
vast.yomeno.xyz/?tcid=15375
109.206.163.116200 OK 1.6 kB URL HTTP/2 vast.yomeno.xyz/?tcid=15375
IP 109.206.163.116:0
Hash 8522dc9806d850114835a2c8e51c1f1f
102d70814b15595c3b6bcc6e7cbb7f05279a82ed
7eabe902e947885b8d0a41b1c0fbf4ae666bc4eaa8b01fbe32908582ac62848d
GET /?tcid=15375 HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/xml;charset=UTF-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.good-trading.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.adxfactory.com/redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com
173.239.53.17302 Found 0 B URL HTTP/1.1 xml.adxfactory.com/redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://t4.goldensevenseas.net/l.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&s=404114_470039&pid=yufBnI0wpU0_0
Pragma: no-cache
xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://t4.goldensevenseas.net/l.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&s=405137_437634&pid=goUlpByRsmI_0
Pragma: no-cache
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash d8c57ea0e7c6aed33a1ba14afb8dcfee
af3f74a1fb85a51ed0860ab1ebb78eb15627bdca
b3796ed630032954a9433071fa62078daef914af766e0580393364e17d6124c6
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 05:38:08 GMT
ETag: "af3f74a1fb85a51ed0860ab1ebb78eb15627bdca"
Last-Modified: Thu, 06 Oct 2022 05:38:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2078d8c4b4f3-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash d8c57ea0e7c6aed33a1ba14afb8dcfee
af3f74a1fb85a51ed0860ab1ebb78eb15627bdca
b3796ed630032954a9433071fa62078daef914af766e0580393364e17d6124c6
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 10 Oct 2022 05:38:08 GMT
ETag: "af3f74a1fb85a51ed0860ab1ebb78eb15627bdca"
Last-Modified: Thu, 06 Oct 2022 05:38:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755d2078e9290b06-OSL
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17200 OK 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
www.ad-good.com/infinitygeo.html?1
188.114.96.1200 OK 225 B URL HTTP/2 www.ad-good.com/infinitygeo.html?1
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c2c0efb850d11bcb6fac52b70ccb0fbd
2284cbf3c4725470ba3381d8fef1ba51be9edcf7
8c88db6133503f790c9648403b6a3a24017f2ceb2f109becb6ccd67e329f67e5
GET /infinitygeo.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6178
last-modified: Thu, 06 Oct 2022 07:03:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VIJ%2FZh0dFa%2BnF6ton8zSe5dYMCwyUGMn%2FQGM2XsDvJDSzbDiP2%2BHZbX1OH%2FVNXKmh45sYE%2BPVwH9snxaffAk1l8Opm%2Bg9GT9S9jHLMNRKdQ1jnOWINjx87mRn8uXtnjEh9c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071ca1efab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
174.137.133.17302 Found 0 B URL HTTP/1.1 xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://t4.goldensevenseas.net/l.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&s=429535_449092&pid=b*lN2YW7tH8_0
Pragma: no-cache
xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
173.239.53.18302 Found 0 B URL HTTP/1.1 xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=75903&cat=25&sub_id=88
Pragma: no-cache
mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A216640334%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C3262%2C3262%2C6%2C597%3Aeu%3A1%3Ans%3A1665045982361%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:28 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=4415842271665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=4415842271665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1910957591665045988; Path=/; SameSite=None; Secure
i=9sZUWQ4zuUhwNz0AZp0ME7TpmMe53Jqjxod6EgxRHMJKNz70sT3YeMlsoPNBbXA8rXGrDvvvET3YuFhGFgbx3tdKF7U=; Expires=Sun, 03-Oct-2032 08:46:26 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581988.yrts.1665045988#1696581988.yrtsi.1665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:28 GMT
last-modified: Thu, 06-Oct-2022 08:46:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
redirect3.online/adx.html
104.21.39.111200 OK 155 B URL HTTP/2 redirect3.online/adx.html
IP 104.21.39.111:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash d26ac92d68293c37f4926f2e7efe7891
70118623ea58fba35ae550dbf4fd751f5c8dff8a
815712076e9f811aa60a679906f8b8bed00f86f726d1765ee7a97a7662946ca2
GET /adx.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2824
last-modified: Thu, 06 Oct 2022 07:59:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l4XuKTqIRK%2FA7OuviAurVZEr11JfkKyYC2pZLakOVhukRgrStBKrnWNcqc8JRO2mpdOIC7qVKovotuzZhfkTP%2FUxlk486N2aySvF2%2FZj56M7c2GxSKC0qMUKzgTQ%2FvUfnlFY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071eabab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16200 OK 371 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 03c96eedadc14f12180f806ec61d58eb
31c588f9934d1722903ec432f0e9303a15e275e6
e65c528fc681523ff493a39724add4754bf5d4a1c15b504fcfc512bc5e3269ea
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
ctrtraffic.me/following.html
104.21.85.229200 OK 190 kB URL HTTP/2 ctrtraffic.me/following.html
IP 104.21.85.229:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size 190 kB (189939 bytes)
Hash 08b72b3aefef3c76dc8632ed8d12b270
7de41cbdfc6c0b9326b6735e9a64091ec2c8b27a
4edb4c388e1647858e90e3fbcd40fb45e50d130b18c82ecadf9a4d92c141389f
GET /following.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 996
last-modified: Thu, 06 Oct 2022 08:29:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXPTGaLFfa7DnhQOSeiOz5dlkD1aedtCtRaX8%2FF%2FFN7QUFSorWAltSXpjhlfIgAdpfu0xVJ8VTDEgdjsnCpn75AQc8IlV59pDrns6HYyIBMdVdHGjPWw4RVDHDvBuOlx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2070587cb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com
173.239.53.22200 OK 0 B URL HTTP/1.1 xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP 173.239.53.22:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
www.ad-good.com/infinitym.html
188.114.96.1200 OK 181 B URL HTTP/2 www.ad-good.com/infinitym.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2a3f4a347c60feacf16e60e9c2a8e4a7
38d6897ce032b56d850699af051dc536ce4c731b
7ef01610a399eccdcc0b3b7cbbeb6f97c1130b8b6014e8dd4a5f11a909d04d0e
GET /infinitym.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 693
last-modified: Thu, 06 Oct 2022 08:34:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83T2JL1vAm0hahqwFn8YMBIIJEgv4VyLU%2B7g4krZ69bVEtTIXstQgXgE%2BB4yyGcpibvdCDKwZkPCk7x2IkjLszPbDP9rEmr260kwlpojRNKlvxMP1IhEfNowOXuxZOMsgpQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071fa34fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
themes.googleusercontent.com/static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
142.250.74.1200 OK 27 kB URL HTTP/2 themes.googleusercontent.com/static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff
IP 142.250.74.1:0
File type Web Open Font Format, TrueType, length 27248, version 1.1\012- data
Hash c4f39c8cef7f1746da98c25e82b76f29
d368079e8789e98ad4831b570e096ba28ed365d6
13ae7e5a59de6cef3c3cedeaa348b17157b3cbc2b1bc9607c6d84ced4d137269
GET /static/fonts/sourcesanspro/v7/ODelI1aHBYDBqgeIAH2zlBM0YzuT7MdOe03otPbuUS0.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: null
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 27248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:17:26 GMT
expires: Thu, 05 Oct 2023 19:17:26 GMT
cache-control: public, max-age=31536000
age: 48543
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084629%3Aet%3A1665045989%3Arn%3A432079138%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C4889%2C4889%2C6%2C1047%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045989%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084629%3Aet%3A1665045989%3Arn%3A432079138%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C4889%2C4889%2C6%2C1047%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045989%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash de30dcc87fb19b96f9274b28fcee8175
dbf682fb22a8310514102d470bd5bfbe786db2cf
b351a506b797d401e1bc8738abf2a3a3887b07702dd986866b7327b5b4b8f719
GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084629%3Aet%3A1665045989%3Arn%3A432079138%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C4889%2C4889%2C6%2C1047%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045989%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FcE53anNaYVJxVFlNNG5JK25ZNjhsdz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A102983297%3Az%3A0%3Ai%3A20221006084629%3Aet%3A1665045989%3Arn%3A432079138%3Arqn%3A3%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C110%2C1%2C4889%2C4889%2C6%2C1047%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045989%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:29 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=7034132161665045989; Expires=Fri, 06-Oct-2023 08:46:29 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7034132161665045989; Expires=Fri, 06-Oct-2023 08:46:29 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2242394171665045989; Path=/; SameSite=None; Secure
i=lOEY9HepdEeREDLHuD3ZHL7wVoR07jKnqQXcemhhiWQ1jrN8UhnoyI0aJevypuHD7i8++g6X1tqPZqNgYR3j72jrSzQ=; Expires=Sun, 03-Oct-2032 08:46:25 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581989.yrts.1665045989#1696581989.yrtsi.1665045989; Expires=Fri, 06-Oct-2023 08:46:29 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:29 GMT
last-modified: Thu, 06-Oct-2022 08:46:29 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
174.137.133.16302 Found 0 B URL HTTP/1.1 xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Oct 2022 08:46:29 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=73663&cat=25&sub_id=88
Pragma: no-cache
tracking.dating-clicks.com/57386a49-99c5-4b44-a080-16578d64d5bd?pubfeed=379211&subid=456943_446695
18.192.108.151302 Found 0 B URL HTTP/2 tracking.dating-clicks.com/57386a49-99c5-4b44-a080-16578d64d5bd?pubfeed=379211&subid=456943_446695
IP 18.192.108.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /57386a49-99c5-4b44-a080-16578d64d5bd?pubfeed=379211&subid=456943_446695 HTTP/1.1
Host: tracking.dating-clicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 06 Oct 2022 08:46:29 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://tracking.dating-clicks.com/1a0b57be-c980-40a8-9b13-5fbb50a765dc
pragma: no-cache
set-cookie: 57386a49-99c5-4b44-a080-16578d64d5bd-v4=zou2oquArmfhek7qCxoLU9dTQvAJKxY9v7s73ZTINsA; Max-Age=86400; Expires=Fri, 07-Oct-2022 08:46:29 GMT; Domain=tracking.dating-clicks.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=KLmeqk1QTb4IvqBf7IBDYiHT9LUcchn6tIRGFtceD5jgqZuoFK6UtMzt4vSyfvM4qQtLF7kG8dfJz4gePOLVa3S08lQN4N4T9EXmhX9pkCsMxUKaeIvLY94f%2BJ%2F0vBS8mmKWrW7yYlgwT%2F%2B6CCRCzA%3D%3D; Max-Age=31536000; Expires=Fri, 06-Oct-2023 08:46:29 GMT; Domain=tracking.dating-clicks.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 903e11372ad6889856f98f84c3f5de98
b88168367e1841e9be65f0e3f35417e9064e96c7
17e96944f3c60b6f93ecbde0902055f213f762db92b049f7bfdd938a736afe90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5408
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 08:46:29 GMT
Last-Modified: Thu, 06 Oct 2022 07:16:21 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
tracking.dating-clicks.com/1a0b57be-c980-40a8-9b13-5fbb50a765dc
18.192.108.151302 Found 0 B URL HTTP/2 tracking.dating-clicks.com/1a0b57be-c980-40a8-9b13-5fbb50a765dc
IP 18.192.108.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1a0b57be-c980-40a8-9b13-5fbb50a765dc HTTP/1.1
Host: tracking.dating-clicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 57386a49-99c5-4b44-a080-16578d64d5bd-v4=zou2oquArmfhek7qCxoLU9dTQvAJKxY9v7s73ZTINsA; cc-v4=KLmeqk1QTb4IvqBf7IBDYiHT9LUcchn6tIRGFtceD5jgqZuoFK6UtMzt4vSyfvM4qQtLF7kG8dfJz4gePOLVa3S08lQN4N4T9EXmhX9pkCsMxUKaeIvLY94f%2BJ%2F0vBS8mmKWrW7yYlgwT%2F%2B6CCRCzA%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 06 Oct 2022 08:46:29 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://thiswickednest.co/?wu93qtnlnt1900ij26ls00aa
pragma: no-cache
set-cookie: 1a0b57be-c980-40a8-9b13-5fbb50a765dc-v4=iYjOqjLcS8W9zo0VFMXgRUOd5Wj9_ihGaceCwlbG-m4; Max-Age=86400; Expires=Fri, 07-Oct-2022 08:46:29 GMT; Domain=tracking.dating-clicks.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=R3kQEXlZE%2FgUHGusj8VU33iaqoJpZxAWH8faEHIhi0%2F4AB%2BqVJM%2FI5ZfltKFwT3mQeLO8Ued8esKoxyxsH8BGq7Fhzi%2BWFiRBZ22lElCQGEqDPE2UQ3S7i6T1yP74JZ5oT203zIyf1Uy8awLXftEMQ%3D%3D; Max-Age=31536000; Expires=Fri, 06-Oct-2023 08:46:29 GMT; Domain=tracking.dating-clicks.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:23 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=1957321121665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=1957321121665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2658090081665045983; Path=/; SameSite=None; Secure
i=W2omAhv77awLCoZNZcPY6eG9iu5V08a0iokSLx3524r7TZHO2QJBMn6ICpd4sVho2NG8guAFePAo4tHFgR1CY9l0IEU=; Expires=Sun, 03-Oct-2032 08:46:17 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581983.yrts.1665045983#1696581983.yrtsi.1665045983; Expires=Fri, 06-Oct-2023 08:46:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:23 GMT
last-modified: Thu, 06-Oct-2022 08:46:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300
IP 142.250.74.10:0
GET /css?family=Open+Sans:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 08:46:23 GMT
date: Thu, 06 Oct 2022 08:46:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2)
IP 87.250.250.119:0
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A509266591%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C%2C%2C%2C603%3Ans%3A1665045982360%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
date: Thu, 06 Oct 2022 08:46:24 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=8311508341665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8311508341665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1626059521665045984; Path=/; SameSite=None; Secure
i=DfWf73EZgxAxbbQfxT42upBMQE8AbhdOiYuMjZwjkclBksoqRERwsWiS6JZWEY1cfXRaJqToPEAtEIeWG/kg8KGayO4=; Expires=Sun, 03-Oct-2032 08:46:24 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581984.yrts.1665045984#1696581984.yrtsi.1665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:24 GMT
last-modified: Thu, 06-Oct-2022 08:46:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hqq.to/e/WTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/e/WTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/WTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=qe6Fd80Az5xDD7myoWRt; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
ctrtraffic.me/mediam.html
104.21.85.229200 OK 0 B URL HTTP/2 ctrtraffic.me/mediam.html
IP 104.21.85.229:0
GET /mediam.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 6691
last-modified: Thu, 06 Oct 2022 06:54:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DG9%2FQs%2FfYlaCOw%2FPdCgqHbxpgZvNn8oqDPbi9Yc45ReuByeD668ctRtHM8PXNVO7OjgK4RvgvtziPcDG%2FHpwIjKLZTTseAOxKwPnmsIGPl4%2BKMMX%2FGawPfDlIbtrSNQs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20707892b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
votreimc.com/main.html
172.64.101.38200 OK 0 B IP 172.64.101.38:0
GET /main.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5591
last-modified: Thu, 06 Oct 2022 07:13:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUhV4w2qwQFMpABBdPJnE4V1nwFcU6XRMoBTYgXDqzPh3TRTXvi7IEmgeauSgiFRGshoPkSNixoJqtLv%2B5OC4jo3L3FnF5DMJcEATemSpo16Clyss4Bmkz222lJrBVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20717a8d4071-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.votreimc.com/adzgameadu.html
172.64.101.38200 OK 0 B URL HTTP/2 www.votreimc.com/adzgameadu.html
IP 172.64.101.38:0
GET /adzgameadu.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5599
last-modified: Thu, 06 Oct 2022 07:13:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BMXRF0GQrpMs%2FU8R%2Fg1bTrCjU1jlppZpsjCkrYX9jfIj8L%2FTL%2B76wISKiMZTHUZV07ma%2BC4OmC9ASPSSALO0s92z2DTS5rCwm6bzEgxEk7zMjzb3QPM88PoU8vBgvJBtZRCB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2072288a76f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ctrtraffic.me/mediaa.html
104.21.85.229200 OK 0 B URL HTTP/2 ctrtraffic.me/mediaa.html
IP 104.21.85.229:0
GET /mediaa.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 6885
last-modified: Thu, 06 Oct 2022 06:51:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgSMWCLcCXP2b2tXcQvJxfQTG%2FnPH2ZoRswZmOUiIf68RUTcbSEezFFLnJxtVBMGEmndnSsbBqLWIjWDXoMEp28MBUaEixoQHB3U1OXVDnFgWrMdwEniiUnQw5IH7LoO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d207088aab50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitya.html?1
188.114.96.1200 OK 0 B URL HTTP/2 www.ad-good.com/infinitya.html?1
IP 188.114.96.1:0
GET /infinitya.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1969
last-modified: Thu, 06 Oct 2022 08:13:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHndiYoKjl9%2BJT7WbYPtrZFNYr5uN0PjmAPWOWpa96E%2F5gFqmLb50KKghQ4Z6qpVX2nadNSghnR7BiSe3e5riKvgteAK%2Fvvk9sTB4b9GCKjmbAEbiMb8OB5mwNneSJXAgFc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071ca1dfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitya.html
188.114.96.1200 OK 0 B URL HTTP/2 www.ad-good.com/infinitya.html
IP 188.114.96.1:0
GET /infinitya.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 693
last-modified: Thu, 06 Oct 2022 08:34:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OD9rijR0inGd2xyTXybi1wXrOVAejN%2Bt4R2Ir2pVdqALlPu4AD0T08KbpbsCBzkr0HRRKsAhYk7%2FxlQnZH7ZER4sjLolMkC6zAalaK9bQEcX9w%2Bud0XbeWMcMwmfh%2Bbz5w0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071ca1afab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adhitzads.com/1037686
172.64.99.18200 OK 0 B IP 172.64.99.18:0
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html
vary: Accept-Encoding
expires: Thu, 06 Oct 2022 09:46:29 GMT
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eSeiwLRDxwyqzUPiuwwcDXKxJ5TiNBR8%2F0BLI0W%2FNxro1plRGcDv6XsGCkjRyesfSLd%2BUcv%2BuwmWzvXMY096iaBmqKhNVUUrwBzLwc51vZpjgZhn3HGqoztOQo7XFNfz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d207cfef172f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
q.xmlrtb.com/r?fid=k2mHN2AHw88
172.64.101.31302 Found 0 B URL HTTP/2 q.xmlrtb.com/r?fid=k2mHN2AHw88
IP 172.64.101.31:0
GET /r?fid=k2mHN2AHw88 HTTP/1.1
Host: q.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:26 GMT
location: https://popxperts.com/w3ar3w1n
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cd8Nq%2FCjJSKOKpZI7rxel5lkZbMznz2PEz%2BRP%2BoNLy5k5jTAsxNbracn1gUfuZZMjU0rIZwumZA7DXgN88bemQniA%2FoLDdzTrxL1H8Ja7vY1Yep4aYY0RSw1YOF09V4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d205a8c7f75e3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ad-good.com/infinitygeo.html
188.114.96.1200 OK 0 B URL HTTP/2 www.ad-good.com/infinitygeo.html
IP 188.114.96.1:0
GET /infinitygeo.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6178
last-modified: Thu, 06 Oct 2022 07:03:30 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2me2LyxAWIEsTYv1y9zXox1WBzJLzFoGgUP36ZWHTfrL3UH48rHF9YYQeCeb9sgOL69%2FYuCdOIoD4TKmf7Iq3AabmF0cln40C9GmhbKerwM3DgLFru17rNrf2Tf%2BWvfNnw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071ca1cfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=Kd46SUZjz380ZJ7MsDFK; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
thenetwork18.net/direct.html
172.67.191.234200 OK 0 B URL HTTP/2 thenetwork18.net/direct.html
IP 172.67.191.234:0
GET /direct.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEF8:26CA_D5BA2113:0050_633E8D17_12AFB:2A9B5
x-iplb-instance: 30877
cache-control: max-age=14400
cf-cache-status: HIT
age: 2252
last-modified: Thu, 06 Oct 2022 08:08:55 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMAinv1W402xzwmNFhc%2FXNqSVJbLoiYOvvQQGPL3HHYHpXNGOwa8lCYWNGuqi9tgMIB3kTmXvn%2Bx5ZwQthNkBN6OyI2JgKXA%2FcK0mv0fO9NR27xl6KVSZ6FnPJfjChOEox99"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20701de8fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cadrctlnk.com/in/p/?spot_id=77735&cat=25&sub_id=88
109.206.181.2200 OK 0 B URL HTTP/2 cadrctlnk.com/in/p/?spot_id=77735&cat=25&sub_id=88
IP 109.206.181.2:0
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=77735&cat=25&sub_id=88 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 1095.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Fri, 07 Oct 2022 08:46:29 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.14200 OK 0 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
adhitzads.com/1036911
172.64.99.18200 OK 0 B IP 172.64.99.18:0
GET /1036911 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html
vary: Accept-Encoding
expires: Thu, 06 Oct 2022 09:46:29 GMT
cache-control: max-age=3600, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rl6VUXNwapSrlTPmk0zpCuxzsllrGHKOaTqksNwekFrwMMF4jw6qIwz6kNzlA2EM1g0tpEpScXDrQUr7Jccl6r%2FxobbdRSiwlMfU7E36Q263zVTOa5tEgPsTkYOdcX1D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d207d0f0672f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.14200 OK 0 B URL HTTP/2 kiynew.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.14:0
ASN #39572 DataWeb Global Group B.V.
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=2&if=0&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: kiynew.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 06 Oct 2022 08:46:30 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=27435521
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=27435521
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=27435521 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=jYrwBQGA64LosxZ1EOxA; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:26 GMT
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
votreimc.com/adu.html
172.64.101.38200 OK 0 B IP 172.64.101.38:0
GET /adu.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 2769
last-modified: Thu, 06 Oct 2022 08:00:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cXYXQhHYYSrfh0F5NyUUvABYB%2FUxjJoPwoLrA6DRFQ5OdLF8mb4hOqxqhcm7wXBbsTnhJKm%2BpziXHvS2epDoQHj2HOJ83%2FBaO3wHqngfb3i97idoEC%2FZ89yyt5JWN94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20717a7f4071-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2)
IP 87.250.250.119:0
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr(14)rqnl(2)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FNFdaMGxSdE5DNTJHSzVublgyZzFVQT09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1444264969226%3Ahid%3A622185625%3Az%3A0%3Ai%3A20221006084623%3Aet%3A1665045984%3Arn%3A884931395%3Arqn%3A1%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C278%2C0%2C%2C%2C%2C597%3Ans%3A1665045982361%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A2%3Ast%3A1665045984%3At%3AVideo%20player&t=gdpr%2814%29rqnl%282%29ti%282%29
date: Thu, 06 Oct 2022 08:46:24 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=7927575351665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=7927575351665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1940255831665045984; Path=/; SameSite=None; Secure
i=Chq0cuVq4ZvVz/cQduVjssmUBeBibXvyBnjq3iBP7eCBW+3Qwwz2VNuKVdI2zZVpvaPg34TgfyLijMT72lgOLMwtmjM=; Expires=Sun, 03-Oct-2032 08:46:20 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581984.yrts.1665045984#1696581984.yrtsi.1665045984; Expires=Fri, 06-Oct-2023 08:46:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:24 GMT
last-modified: Thu, 06-Oct-2022 08:46:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=41305748
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=41305748
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=41305748 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=xJNzvLTfgrR9K1SfiZUl; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:25 GMT
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
hqq.to/cdn-cgi/trace
190.115.19.71404 Not Found 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/MGFUQVVsQ2dyeHRVajZTcTRvTm5NZz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=73oV8wmO0MRWxJrnVqGr; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:26 GMT
date: Thu, 06 Oct 2022 08:46:25 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
redirect3.online/adxa.html
104.21.39.111200 OK 0 B URL HTTP/2 redirect3.online/adxa.html
IP 104.21.39.111:0
GET /adxa.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3779
last-modified: Thu, 06 Oct 2022 07:43:29 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzzqvi3jLd09a2pEWSatfHb7j%2F1IUHL7UnAzCqRZxNnh44QH5oZdHmeayY%2F7LrEfO5yEspj36UjKz%2FV8A0jycuMw5InQnAzlRacyBHIMhJYgXeDbJ3O%2BZuvt%2FDPYXlo%2BF522"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071eae0b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=MrQpkrOtOJm9qWxsmLkU; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
zap.buzz/vqlWwD8
172.67.213.33302 Found 0 B IP 172.67.213.33:0
GET /vqlWwD8 HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=utf-8
location: https://q.xmlrtb.com/r?fid=k2mHN2AHw88
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz6V4A.T3c3EAZ1t1GwbyiDz9ozC8tCrco; Expires=Thu, 06 Oct 2022 09:16:24 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSnIaRUyJjZanvbs3%2BOSLZBbU4YKXH4zkne1%2Fib4Ucr3J%2BUJukr17ePqtxyn%2BLFlZ38PAVoYvQAc8RZQTTRHLePybQk6Vdw%2Bg3fhDg3HLHl62rc8z0MjIZ0TCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20580e9cb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c1.popads.net/pop.js
185.76.9.23200 OK 0 B IP 185.76.9.23:0
ASN #60068 Datacamp Limited
GET /pop.js HTTP/1.1
Host: c1.popads.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://culoscolegiales.blogspot.com
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: quic="185.76.9.20:443"; ma=2592000; v="44,43,39"
last-modified: Sun, 03 Jul 2022 20:49:14 GMT
etag: W/"62c200ca-7b48"
access-control-allow-origin: *
x-accel-expires: @1665176469
server: CDN77-Turbo
x-77-nzt: AblMCRQOkUH/S9QNAA
x-77-nzt-ray: FEI0HPOQENE
x-cache: HIT
x-age: 906315
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cloudflare.com/cdn-cgi/trace
104.16.132.229200 OK 0 B URL HTTP/2 cloudflare.com/cdn-cgi/trace
IP 104.16.132.229:0
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:27 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 755d206b9802b527-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
alfad.pro/go/266933/657994
3.212.171.33200 OK 0 B URL HTTP/2 alfad.pro/go/266933/657994
IP 3.212.171.33:0
Analyzer Verdict Alert fortinet Phishing
GET /go/266933/657994 HTTP/1.1
Host: alfad.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.good-trading.com/
Origin: https://www.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
testingmetriksbre.ru/netu.php
104.26.1.119200 OK 0 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.1.119:0
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q8Wl30nfWIXh37K%2Bpbp5dGCUicMOQ2srfK%2BWK%2BXSYJXR351HG3ru%2F9ZCJA%2BPUZN9yh9be4EPchXxVGGrSw8ymbuoSMlPMHlMEiRZJfwePeSENTF0ckj5iL82Maoya7MrcyP%2BMynq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d205078e40b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
testingmetriksbre.ru/netu.php
104.26.1.119200 OK 0 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.1.119:0
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0bYa8lezM52xA7JnL8qURdVKRsjm1YlbkokZ4Olvwef91xVf6rVrUJz14cV1yHdQQgtNwfBFV7Nk3MzTJ1Y8j2K6uzBF8FsvpBmjjBIryVqbEPBVqJ7WqSFR272yfZBmz6pttU%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2053bbc90b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/e/MGFUQVVsQ2dyeHRVajZTcTRvTm5NZz09
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/e/MGFUQVVsQ2dyeHRVajZTcTRvTm5NZz09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/MGFUQVVsQ2dyeHRVajZTcTRvTm5NZz09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=wnzKqP5LHDtMNQQmMhJF; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:25 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: EXPIRED
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
cadrctlnk.com/in/p/?spot_id=75611&cat=1&sub_id=88
109.206.181.2200 OK 0 B URL HTTP/2 cadrctlnk.com/in/p/?spot_id=75611&cat=1&sub_id=88
IP 109.206.181.2:0
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=75611&cat=1&sub_id=88 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 1095.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Fri, 07 Oct 2022 08:46:29 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
www.votreimc.com/eximdigitala.html
172.64.101.38200 OK 0 B URL HTTP/2 www.votreimc.com/eximdigitala.html
IP 172.64.101.38:0
GET /eximdigitala.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5599
last-modified: Thu, 06 Oct 2022 07:13:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEE6uUbHsFU5aos4nI1CTtpSN2DC7nxv4IbOjVQj6zY%2F%2B%2BlW3JnH6XqUzxxpYAKxkd79CeR%2Fg2PnW0WrfXlCxoLdRcRKvykg52LOIedZdRJZEthQDoHTnWACWHaNUuk3TNgQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2072187476f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cadrctlnk.com/in/p/?spot_id=73663&cat=25&sub_id=88
109.206.181.2200 OK 0 B URL HTTP/2 cadrctlnk.com/in/p/?spot_id=73663&cat=25&sub_id=88
IP 109.206.181.2:0
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=73663&cat=25&sub_id=88 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 1095.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Oct 2022 08:46:30 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Oct 2022 08:46:29 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
c.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://culoscolegiales.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sun, 06 Nov 2022 08:46:24 GMT
etag: W/"11BCsVfRLqCHC9ZZvH4GUw=="
cf-cache-status: HIT
age: 1766496
vary: Accept-Encoding
server: cloudflare
cf-ray: 755d205c28530b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mediacpm.pl/v.php?user=13428
104.21.234.95200 OK 0 B URL HTTP/2 mediacpm.pl/v.php?user=13428
IP 104.21.234.95:0
GET /v.php?user=13428 HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9mLhUm3FtUYUext6e%2BCc73GBn2K8AWop%2F%2BwWsQTtO8MaCtqqc%2B%2BBFMFQihBFzhXPKEX3xe9IhXe9D4SRs7GdsVaoJlJlhgJ8vtn5H3aVDjGUsjvzMj0TxYQEnirE6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20763cf271e0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cadrctlnk.com/in/p/?spot_id=75615&cat=25&sub_id=88
109.206.181.2200 OK 0 B URL HTTP/2 cadrctlnk.com/in/p/?spot_id=75615&cat=25&sub_id=88
IP 109.206.181.2:0
Analyzer Verdict Alert quad9 Sinkholed
GET /in/p/?spot_id=75615&cat=25&sub_id=88 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Oct 2022 08:46:29 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
cdn1.adcdnx.com/s/adp1v3.js
172.66.41.37200 OK 0 B URL HTTP/2 cdn1.adcdnx.com/s/adp1v3.js
IP 172.66.41.37:0
GET /s/adp1v3.js HTTP/1.1
Host: cdn1.adcdnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: text/html;charset=UTF-8
last-modified: Thu, 06 Oct 2022 07:24:28 GMT
cache-control: max-age=7200
cf-cache-status: HIT
age: 2793
vary: Accept-Encoding
server: cloudflare
cf-ray: 755d207c48feb512-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
hqq.to/ad/api/popunder.js
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/api/popunder.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=5VwycbeZLcvqMqxDPB2V; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Fri, 15 Jul 2022 10:51:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: W/"6141fdde-15"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
age: 7163743
ddg-cache-status: HIT,HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
hqq.to/js/script-2.12.5.js
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/js/script-2.12.5.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/script-2.12.5.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=At3EXsJm54mcpmvFKIFw; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 01 Dec 2020 19:28:37 GMT
etag: W/"5fc69965-4cb8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.192.5200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.192.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 8111466a95233934a774ad4410ec7541
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 06 Oct 2022 08:46:24 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYw3Y52%2FwrdDtoHNZ3CNLIWx1LYoiZr4UNs6qF03p%2FpLlDseMhCRZU6t60CaqAYg1xk2A1Gb8GeaoX1Jncy8CpaS0LeQTEn%2F1NFg7U4jcGliWY9lXXeEILd13f7YsvhkSSwpGXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755d205c2a1c7756-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)re(1)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fe%2FRVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09&page-ref=https%3A%2F%2Fculoscolegiales.blogspot.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A1589777126484%3Ahid%3A148455324%3Az%3A0%3Ai%3A20221006084628%3Aet%3A1665045988%3Arn%3A179726018%3Arqn%3A2%3Au%3A1665045984460794596%3Aw%3A520x350%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1%2C0%2C%2C328%2C1%2C4318%2C4319%2C6%2C603%3Aeu%3A1%3Ans%3A1665045982360%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665045988%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29re%281%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Thu, 06 Oct 2022 08:46:28 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=983118741665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=983118741665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=181189021665045988; Path=/; SameSite=None; Secure
i=PlpxJBHrSNVBFf8UZEKR5yixf3hT5wbbfHvPhzpXA3G8wSWFMlDP7IoRtfmjFiHoabbRHPGqQbkfbCRW5FHs2Lajne4=; Expires=Sun, 03-Oct-2032 08:46:26 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696581988.yrts.1665045988#1696581988.yrtsi.1665045988; Expires=Fri, 06-Oct-2023 08:46:28 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Thu, 06-Oct-2022 08:46:28 GMT
last-modified: Thu, 06-Oct-2022 08:46:28 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
votreimc.com/purea.html
172.64.101.38200 OK 0 B IP 172.64.101.38:0
GET /purea.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5591
last-modified: Thu, 06 Oct 2022 07:13:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7vYzolRv571Foj0rayX32HaSBt0bZW4okKb%2Fiu47BbPrrX9d%2FKfJhC%2B7p%2FCPqGPYK%2Bufn8pacmmoqTwkr1UgvemYtXxlHX%2BguhdgYDhczwd9tM3Vt6z0FriMM9J9tc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20719aa64071-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.votreimc.com/eximdigitalm.html
172.64.101.38200 OK 0 B URL HTTP/2 www.votreimc.com/eximdigitalm.html
IP 172.64.101.38:0
GET /eximdigitalm.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5599
last-modified: Thu, 06 Oct 2022 07:13:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VW%2BEJJwRGFlwdsDG16RVzsl3ChT5%2FbiAMBqBbShKlZAeJ0LXS2Ih%2FLjOEnoO%2B72Nptc3TdJu%2Fwep9ty5kfUywyobNKDF0JMJoOCo%2BbC2js48OnqZ016SpKMpDWYhYvAesFXZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071dff676f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zap.buzz/lxAR5ZJ
172.67.213.33302 Found 0 B IP 172.67.213.33:0
GET /lxAR5ZJ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: text/html; charset=utf-8
location: https://q.cachegorilla.com/r?fid=B79SGewuO6N
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz6V4A.T3c3EAZ1t1GwbyiDz9ozC8tCrco; Expires=Thu, 06 Oct 2022 09:16:24 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ve2CwS5Tl5WYrGJv5CPIzD9FMcozIFm68R%2BYz%2FmcDnsGvXZlKgJYBfAEbcBIusLb0Sg7wq92zmVjQzFnSzzk2hWFh9IRHAsDqn9h%2Fy%2FbgBeP5JMHcEk7bSuOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d20580e9db4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=97842607
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=97842607
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=97842607 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WTFmbUFGTUFNcStkYkFuV3lJY2F3Zz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=b4xh6uB0pPlxEaFmAKHw; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:26 GMT
date: Thu, 06 Oct 2022 08:46:26 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.122.175200 OK 0 B URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.122.175:0
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 14356746
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 755d204ff975b527-OSL
content-encoding: br
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
172.64.128.12200 OK 0 B URL HTTP/2 creepingbrings.com/sfp.js
IP 172.64.128.12:0
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 42e9ad32f0baffb6739998e479280438
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 06 Oct 2022 08:46:23 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrYBn6XsduApcr2Q4RPLaM%2F%2BkW1XYNv0S4dkpXnRqcnBJcetqRrIehjOtHPyvShK%2F4SHNxv20rG7OvWh%2BSU4gaedU6Mu8N%2Fu7taah%2B2k3k1vi%2Fkdd7fYrpXkKlDAUaJibD%2Fw6k8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755d20562da971a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/styles/global/embed_player.3.css?130
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=v1B7AO8BEWqSeNbwwbu1; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
hqq.to/js/d_check.js?34
190.115.19.71200 OK 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/d_check.js?34 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=GtjzhJWqSD6eCOmsRXMG; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
cdn.adsfcdn.com/js/N2prQzdaKzBidFE9.js
172.67.199.144200 OK 0 B URL HTTP/2 cdn.adsfcdn.com/js/N2prQzdaKzBidFE9.js
IP 172.67.199.144:0
GET /js/N2prQzdaKzBidFE9.js HTTP/1.1
Host: cdn.adsfcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:29 GMT
content-type: application/javascript
last-modified: Mon, 13 Jun 2022 05:38:27 GMT
vary: Accept-Encoding
etag: W/"62a6cd53-d7b"
expires: Thu, 06 Oct 2022 19:17:42 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 5327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIh3PundmXb%2F%2FttLci0yMi%2BBQ4DSYigYylRYgpRptAB0IFPIFvCMkvZTrNJFAZ1rsswJbQZXRpuf550twzsXkqxHgsiyxVxtoNBm4poVutT2jN2KzYHbGsdFONiZfuM5EjQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d207c48f40b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zap.buzz/vqlWwD8
172.67.213.33302 Found 0 B IP 172.67.213.33:0
GET /vqlWwD8 HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 06 Oct 2022 08:46:23 GMT
content-type: text/html; charset=utf-8
location: https://q.xmlrtb.com/r?fid=k2mHN2AHw88
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz6V3w.5FB9iblEC1ceGizlWzslQVhY6O4; Expires=Thu, 06 Oct 2022 09:16:23 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yWF1YS85%2BBxJHQponQVEdq35AIKXxPDAoLYobwDfDmEc2iFpc3IbgmuoxrdDAtH0PsWHFQsnl6uSJpv%2FURAcBQEO4P%2FeRcdLhfNkl%2BXtkQeKpV5igYtRuhwtog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2057be49b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=55440931
190.115.19.71200 OK 0 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=55440931
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=55440931 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/NFdaMGxSdE5DNTJHSzVublgyZzFVQT09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I; dom3ic8zudi28v8lr6fgphwffqoz0j6c=c5d4e1be-b68b-474d-b977-bb38db1f4529%3A2%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=2; pbpr0tpuw4isk85t8yg3jb2lj5vqf=seatsrehearseinitial.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=4EuAiVxg1KpHKnWGW1FU; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:25 GMT
date: Thu, 06 Oct 2022 08:46:24 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
hqq.to/cdn-cgi/trace
190.115.19.71404 Not Found 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/RVVqNm5sVlp3RXZ4UzNNTVVIYlBjZz09
Cookie: uid=1g20I_goZPb*FjkfMigtxFUZ4sJ4*o9I
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=1SO5FpiyS4Flek8ySiWY; Domain=.hqq.to; HttpOnly; Path=/; Expires=Fri, 06-Oct-2023 08:46:22 GMT
date: Thu, 06 Oct 2022 08:46:22 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.votreimc.com/adzgame.html
172.64.101.38200 OK 0 B URL HTTP/2 www.votreimc.com/adzgame.html
IP 172.64.101.38:0
GET /adzgame.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 06 Oct 2022 08:46:28 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 5599
last-modified: Thu, 06 Oct 2022 07:13:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThcyfpVsNImL6OE5DR8nmjw9Su08nlM1hF1U9A1cB%2FpkMzC5QW4KjwO9HcixbFHRdcPVIF7PiTKbVbYm1Qx16R9G4rcapC9kVGy3e9WCAjZ1VNN2qNKt4h0VU2N4fPKMwQ8C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 755d2071dff476f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2