| www.girlsrimguys.com/11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ | 104.21.29.138 | 301 Moved Permanently | 0 B |
URL HTTP/1.1www.girlsrimguys.com/11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ IP104.21.29.138:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET /11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ HTTP/1.1
Host: www.girlsrimguys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 22:36:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 28 Nov 2022 23:36:51 GMT
Location: https://www.girlsrimguys.com/11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9D3IScd9%2BorVZj6%2Bm1TXlf%2B9jEmqFSnX7ROZAKi3gU%2FnNtufYsZtAyCg41TDWsOx2uzbjbv%2BvnL6%2F2GcBgnk8xybO3NkjMbwvb9O%2BK4lT59fywltdxOod9WD%2F7dKbbQ%2FNCVA71Z5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771695b318f3b521-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 150792cfc458af013998f4ef6bdf5f74, SHA-1 d5179b2dcb11d06f82606bf6eb6648319998d63e, SHA-256 72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6722
Expires: Tue, 29 Nov 2022 00:28:53 GMT
Date: Mon, 28 Nov 2022 22:36:51 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: MD5 9408cc0694fcbea57966c3a3ba906092, SHA-1 fddcee1fdcf3209298e41a4b1b5560357fa165f0, SHA-256 6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1234
Cache-Control: max-age=130504
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:51 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 10:51:55 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 3b56944f0e5716fd4fad2ec18994d4be, SHA-1 61cafa4de31ba960d1145ec37272f6f6b6944e0c, SHA-256 4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10365
Expires: Tue, 29 Nov 2022 01:29:36 GMT
Date: Mon, 28 Nov 2022 22:36:51 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/ IP: 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (939), with no line terminators Hash: MD5 14cd9a0afb6ba9a763651d5112760d1e, SHA-1 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa, SHA-256 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 22:17:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1141
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain IP: 34.160.144.191:0
File type: PEM certificate, ASCII text Hash: MD5 9ebddc2b260d081ebbefee47c037cb28, SHA-1 492bad62a7ca6a74738921ef5ae6f0be5edebf39, SHA-256 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n07WaqCPmdwB6sm7urvtgsI2qkme81DL4jtOmcLQ9u9SK0PFbzF2vl7ry6LcMnvt3BpsNGO1fAk=
x-amz-request-id: ADRRHB7C4NTBVRX5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 21:42:14 GMT
age: 3277
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles IP: 34.117.237.239:0
File type: JSON data, ASCII text, with no line terminators Hash: MD5 23e88fb7b99543fb33315b29b1fad9d6, SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce, SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:36:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 ea7fde218e4961e151a299b14a2d55f6, SHA-1 77859692150bf568fc12842aa7c542c0a9c2ca2e, SHA-256 83f52847b8ebef7e27d59cc44fd965df3d3f121d1416d72d20dba8642687df15
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=118115
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:51 GMT
Etag: "63846266-117"
Expires: Wed, 30 Nov 2022 07:25:26 GMT
Last-Modified: Mon, 28 Nov 2022 07:25:26 GMT
Server: nginx
Content-Length: 279
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 ea7fde218e4961e151a299b14a2d55f6, SHA-1 77859692150bf568fc12842aa7c542c0a9c2ca2e, SHA-256 83f52847b8ebef7e27d59cc44fd965df3d3f121d1416d72d20dba8642687df15
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=118115
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:51 GMT
Etag: "63846266-117"
Expires: Wed, 30 Nov 2022 07:25:26 GMT
Last-Modified: Mon, 28 Nov 2022 07:25:26 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP: 34.102.187.140:0
File type: JSON data, ASCII text, with very long lines (329), with no line terminators Hash: MD5 0333b0655111aa68de771adfcc4db243, SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb, SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 22:08:55 GMT
cache-control: public,max-age=3600
age: 1676
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: MD5 7ab2ef968cb6a3078f4b9cb2dda813d4, SHA-1 e669116047ca058a2c1b2999ff0ea8682719162c, SHA-256 6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1297
Cache-Control: max-age=125500
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:28:32 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 c81653e99cfdfb43236c8d50248b2e51, SHA-1 a33bc0cb7d3bb714b7ef23b059bb304cf23d464f, SHA-256 e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 04fce9d62a1419c44d4d1b179749af9b, SHA-1 63e51bc93aa3138b107946ea9d31a1cce6fd3491, SHA-256 43a89aff0d5663f10018af94cd9c10405d370cd507ab79fab97ec43d04cf4c5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A89AFF0D5663F10018AF94CD9C10405D370CD507AB79FAB97EC43D04CF4C5C"
Last-Modified: Sat, 26 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4894
Expires: Mon, 28 Nov 2022 23:58:26 GMT
Date: Mon, 28 Nov 2022 22:36:52 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash: MD5 04fce9d62a1419c44d4d1b179749af9b, SHA-1 63e51bc93aa3138b107946ea9d31a1cce6fd3491, SHA-256 43a89aff0d5663f10018af94cd9c10405d370cd507ab79fab97ec43d04cf4c5c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A89AFF0D5663F10018AF94CD9C10405D370CD507AB79FAB97EC43D04CF4C5C"
Last-Modified: Sat, 26 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4894
Expires: Mon, 28 Nov 2022 23:58:26 GMT
Date: Mon, 28 Nov 2022 22:36:52 GMT
Connection: keep-alive
|
|
| www.googletagmanager.com/gtag/js?id=UA-152779784-6 | 142.250.74.168 | 200 OK | 44 kB |
URL: HTTP/2 www.googletagmanager.com/gtag/js?id=UA-152779784-6 IP: 142.250.74.168:0
File type: ASCII text, with very long lines (1921) Hash: MD5 d7b4129fede77e4e968a41796438dd44, SHA-1 a97bf2813d0ba4da2016aadeb60454eef8fc31a6, SHA-256 64d9db511ab2d161200a1802f06b57c5cfd76533cdf48cbca6ec0ded2e6ccd2f
GET /gtag/js?id=UA-152779784-6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 22:36:52 GMT
expires: Mon, 28 Nov 2022 22:36:52 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43684
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 c81653e99cfdfb43236c8d50248b2e51, SHA-1 a33bc0cb7d3bb714b7ef23b059bb304cf23d464f, SHA-256 e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| push.services.mozilla.com/ | 34.215.107.141 | 101 Switching Protocols | 0 B |
URL: HTTP/1.1 push.services.mozilla.com/ IP: 34.215.107.141:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of an empty body)
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VOLnfH231QsGu457A21euA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CbUOOcWb3bZPiLYTo3i8sWtAioU=
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.248 | 200 OK | 2.6 kB |
URL: HTTP/1.1 syndication.realsrv.com/v1/api.php IP: 95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
File type: JSON data, ASCII text, with very long lines (6023), with no line terminators Hash: MD5 edd69916c5c33b8d81ff2d5fc36de09a, SHA-1 1fa3a3f3235d7c713bbfc0fcc8f3c4e0b550fa72, SHA-256 0caa3cd5f80e60a4d26bc40a5d6796a12a9b20f3c214e91fce2c1e304f4dbfea
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 349
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380447e812.933460681791736486%22%3B%7D; expires=Wed, 27-Nov-2024 22:36:52 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPW07DMBC8CheItS971/3mGyQQB0ictKpEQWqERKU5PE4Q/cHjx9iend0VEhmYB4kH9oOWQxZUTpWSSeJseHp+gTFO5+v7ej1fTl+3NbXPC1iqm8GjWi6omUsVWFGJTMgUyOZWupu7qKoR+lRQh2TtkZ0lIg844e31cV/cIYS+b2k3ap3T9xalyqMrtTbLPDMbTdZUj9ULH4Nl2oT/y6RfJJa8m/89QNlUTDDw/WLog7B/j+vtowF3uZX9yLuDgq13w8DM3luPcXafWuGlLEuOZkuYWZRYfgA4kHkvXwEAAA== | 95.211.229.248 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPW07DMBC8CheItS971/3mGyQQB0ictKpEQWqERKU5PE4Q/cHjx9iend0VEhmYB4kH9oOWQxZUTpWSSeJseHp+gTFO5+v7ej1fTl+3NbXPC1iqm8GjWi6omUsVWFGJTMgUyOZWupu7qKoR+lRQh2TtkZ0lIg844e31cV/cIYS+b2k3ap3T9xalyqMrtTbLPDMbTdZUj9ULH4Nl2oT/y6RfJJa8m/89QNlUTDDw/WLog7B/j+vtowF3uZX9yLuDgq13w8DM3luPcXafWuGlLEuOZkuYWZRYfgA4kHkvXwEAAA== IP95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 a4745abc5e7fdb89cc6df3069f3c6e69, SHA-1 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed, SHA-256 d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPW07DMBC8CheItS971/3mGyQQB0ictKpEQWqERKU5PE4Q/cHjx9iend0VEhmYB4kH9oOWQxZUTpWSSeJseHp+gTFO5+v7ej1fTl+3NbXPC1iqm8GjWi6omUsVWFGJTMgUyOZWupu7qKoR+lRQh2TtkZ0lIg844e31cV/cIYS+b2k3ap3T9xalyqMrtTbLPDMbTdZUj9ULH4Nl2oT/y6RfJJa8m/89QNlUTDDw/WLog7B/j+vtowF3uZX9yLuDgq13w8DM3luPcXafWuGlLEuOZkuYWZRYfgA4kHkvXwEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380447e812.933460681791736486%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380447e812.933460681791736486%22%3B%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.248 | 200 OK | 33 kB |
URL: HTTP/1.1 syndication.realsrv.com/v1/api.php IP: 95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 3485875c853d8c04d43c1c6413cb4958, SHA-1 3639fc5de60a8cf1dbfa5a0ba4194e6f142f6584, SHA-256 f432bcbd60e26f24f676bc998a7679740b4dd5ebc34ad0915e9e8b91c70c04b1
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 349
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; expires=Wed, 27-Nov-2024 22:36:52 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.248 | 200 OK | 1.3 kB |
URL: HTTP/1.1 syndication.realsrv.com/v1/api.php IP: 95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 e1120321a8e4c9389ce15daffe2d86c2, SHA-1 85ad5ada02a599adefe44377cf2ab4783ecdf015, SHA-256 acfca13bce9fe08d3eb6d3b819b24a2becdf022025023797b9a664c6864f7f35
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 349
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263853804586177.00500894603011043%22%3B%7D; expires=Wed, 27-Nov-2024 22:36:52 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.248 | 200 OK | 1.1 kB |
URL: HTTP/1.1 syndication.realsrv.com/v1/api.php IP: 95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
File type: JSON data, ASCII text, with very long lines (1471), with no line terminators Hash: MD5 e959d994ec2276e999b26495a977db24, SHA-1 f5ead4bf0fd6165ac9a275412846c9afa4fe53ed, SHA-256 b82daf262a9797d8a651686296ee53d1dc1ccc547692633451f084d22fd49cd9
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 349
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638538045883c5.707061123729818542%22%3B%7D; expires=Wed, 27-Nov-2024 22:36:52 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.248 | 200 OK | 8.7 kB |
URL: HTTP/1.1 syndication.realsrv.com/v1/api.php IP: 95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 14189118747ff9539970ed49effddc93, SHA-1 f95926e824a7dd8a28155a7cceed825782bf3aa2, SHA-256 8a668150d4c619ed3f9d09a95301845d37c737a9bf55c04d6201e4d0fe3b0297
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 349
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380458fdc7.171143383036233558%22%3B%7D; expires=Wed, 27-Nov-2024 22:36:52 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| www.google-analytics.com/analytics.js | 142.250.74.174 | 200 OK | 20 kB |
URL: HTTP/2 www.google-analytics.com/analytics.js IP: 142.250.74.174:0
File type: ASCII text, with very long lines (1325) Hash: MD5 47e6f374ca946fddd5b59871b325736c, SHA-1 baa9282efc8785e84d247c3bff518eaa45f101c4, SHA-256 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 28 Nov 2022 20:41:08 GMT
expires: Mon, 28 Nov 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 6944
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOy0oDQRD8FX9gh35Oz+SsV4VIPiA744aAUUgQEqiPd3eDudh1qOruoighkYF5kPLEsdG8cUHlVCmZJHbD69sWxjgcz5+X8/F0+LldUvs+wSSTV0Sp5hnVOVeBZZUyJzgVWJTwyAjPwcIEIyhohriaLSoRIwi792e87LbgRCrxoNlOdBUn8NpiCbBZ03UJUeV9KLXWpXdmo9Ga6lQj81RYxsX4vzXdkShcZ4f8HaBsKiYY+LEY5iGs7/3l9tWAh/0OXwMYbLYQpqpatbG0kUvrdd/JP3rmHpNWI/8FBolYLm0BAAA= | 95.211.229.248 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOy0oDQRD8FX9gh35Oz+SsV4VIPiA744aAUUgQEqiPd3eDudh1qOruoighkYF5kPLEsdG8cUHlVCmZJHbD69sWxjgcz5+X8/F0+LldUvs+wSSTV0Sp5hnVOVeBZZUyJzgVWJTwyAjPwcIEIyhohriaLSoRIwi792e87LbgRCrxoNlOdBUn8NpiCbBZ03UJUeV9KLXWpXdmo9Ga6lQj81RYxsX4vzXdkShcZ4f8HaBsKiYY+LEY5iGs7/3l9tWAh/0OXwMYbLYQpqpatbG0kUvrdd/JP3rmHpNWI/8FBolYLm0BAAA= IP95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 a4745abc5e7fdb89cc6df3069f3c6e69, SHA-1 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed, SHA-256 d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VOy0oDQRD8FX9gh35Oz+SsV4VIPiA744aAUUgQEqiPd3eDudh1qOruoighkYF5kPLEsdG8cUHlVCmZJHbD69sWxjgcz5+X8/F0+LldUvs+wSSTV0Sp5hnVOVeBZZUyJzgVWJTwyAjPwcIEIyhohriaLSoRIwi792e87LbgRCrxoNlOdBUn8NpiCbBZ03UJUeV9KLXWpXdmo9Ga6lQj81RYxsX4vzXdkShcZ4f8HaBsKiYY+LEY5iGs7/3l9tWAh/0OXwMYbLYQpqpatbG0kUvrdd/JP3rmHpNWI/8FBolYLm0BAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQy2oCQRD8lfzADv2cnvGcXBMw+AHuLIoQE3AJKNTHZ3ZFL+k69Ku6KFpIZGAepLxwbDRvXFA5VUomid3w/rGFMY6ny9d8OZ2Pv7c5tZ8zTDJ5RZRqnlGdcxVYVilKcCqwKOGREU4aFH1JUFCHuJotVSJGEHafr3jbbcGJVOKRBEp0FSfwamK5t17TddFQ5X0otTbJNDEbjdZUDzUyHwrLuBD/m6Y7EhWTzpDHAMqm0mcDPxtDD8K63s+37wY86Xf4KsBgsyWhNiWPWnItXWscuT+oW8slrEqT+ANTczhcbAEAAA== | 95.211.229.248 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQy2oCQRD8lfzADv2cnvGcXBMw+AHuLIoQE3AJKNTHZ3ZFL+k69Ku6KFpIZGAepLxwbDRvXFA5VUomid3w/rGFMY6ny9d8OZ2Pv7c5tZ8zTDJ5RZRqnlGdcxVYVilKcCqwKOGREU4aFH1JUFCHuJotVSJGEHafr3jbbcGJVOKRBEp0FSfwamK5t17TddFQ5X0otTbJNDEbjdZUDzUyHwrLuBD/m6Y7EhWTzpDHAMqm0mcDPxtDD8K63s+37wY86Xf4KsBgsyWhNiWPWnItXWscuT+oW8slrEqT+ANTczhcbAEAAA== IP95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 a4745abc5e7fdb89cc6df3069f3c6e69 | SHA-1 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed | SHA-256 d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VQy2oCQRD8lfzADv2cnvGcXBMw+AHuLIoQE3AJKNTHZ3ZFL+k69Ku6KFpIZGAepLxwbDRvXFA5VUomid3w/rGFMY6ny9d8OZ2Pv7c5tZ8zTDJ5RZRqnlGdcxVYVilKcCqwKOGREU4aFH1JUFCHuJotVSJGEHafr3jbbcGJVOKRBEp0FSfwamK5t17TddFQ5X0otTbJNDEbjdZUDzUyHwrLuBD/m6Y7EhWTzpDHAMqm0mcDPxtDD8K63s+37wY86Xf4KsBgsyWhNiWPWnItXWscuT+oW8slrEqT+ANTczhcbAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263853804586177.00500894603011043%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263853804586177.00500894603011043%22%3B%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| a.realsrv.com/popunder1000.js | 185.76.9.25 | 200 OK | 34 kB |
URL: [HTTP/2] a.realsrv.com/popunder1000.js | IP: 185.76.9.25:0 | ASN: #60068 Datacamp Limited
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 b6edeb4cf7540ee461cc229469f5247f | SHA-1 baf5e1b6722a9fae59b6073de384cc8a2cc7eee1 | SHA-256 c7220fdd076adf1621d17cde52c1af1c2064efc6110be1e7a6571d8954688a95
GET /popunder1000.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript
etag: W/"1063790cabf57ffff66ecc0cab2"
expires: Mon, 28 Nov 2022 15:50:40 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669683059
server: CDN77-Turbo
x-77-nzt: AblMCRT2JvT/wQoAAA
x-77-nzt-ray: af585630429e2b3604388563dcbbc219
x-cache: HIT
x-age: 2753
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQW2rDMBC8Si9gsS9Jq3y3vy2k5AC23IRA00JMIYE5fCWH+qc7sM9hGFZIZGAexJ847zTtoqBwKBRMAkfD69sexjidr5/L9Xw5/dyXUL8vMEkUC7IXiwklcioCSyreFCI5LHuOOaGl4uYEIyioQaKa9S4QIxMO7894OezBgVTyVhqd6CaRwKuLLmCtp1sXUeUxK9U6yzwzG01WVY8lJz46y9SJ/13TA4Gao8aQvwWUTcUEA2+DoQVhPY/L/asCG/2BuAow2KwXsPtUUkrU3jAp+2g+yxiTci01f+Rf7qcdh20BAAA= | 95.211.229.248 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQW2rDMBC8Si9gsS9Jq3y3vy2k5AC23IRA00JMIYE5fCWH+qc7sM9hGFZIZGAexJ847zTtoqBwKBRMAkfD69sexjidr5/L9Xw5/dyXUL8vMEkUC7IXiwklcioCSyreFCI5LHuOOaGl4uYEIyioQaKa9S4QIxMO7894OezBgVTyVhqd6CaRwKuLLmCtp1sXUeUxK9U6yzwzG01WVY8lJz46y9SJ/13TA4Gao8aQvwWUTcUEA2+DoQVhPY/L/asCG/2BuAow2KwXsPtUUkrU3jAp+2g+yxiTci01f+Rf7qcdh20BAAA= IP95.211.229.248:0 ASN#60781 LeaseWeb Netherlands B.V.
Hash: MD5 a4745abc5e7fdb89cc6df3069f3c6e69 | SHA-1 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed | SHA-256 d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VQW2rDMBC8Si9gsS9Jq3y3vy2k5AC23IRA00JMIYE5fCWH+qc7sM9hGFZIZGAexJ847zTtoqBwKBRMAkfD69sexjidr5/L9Xw5/dyXUL8vMEkUC7IXiwklcioCSyreFCI5LHuOOaGl4uYEIyioQaKa9S4QIxMO7894OezBgVTyVhqd6CaRwKuLLmCtp1sXUeUxK9U6yzwzG01WVY8lJz46y9SJ/13TA4Gao8aQvwWUTcUEA2+DoQVhPY/L/asCG/2BuAow2KwXsPtUUkrU3jAp+2g+yxiTci01f+Rf7qcdh20BAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380458fdc7.171143383036233558%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380458fdc7.171143383036233558%22%3B%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.03940399%22%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/splash.php?idzone=4632846&cookieconsent=true | 95.211.229.248 | 200 OK | 2.7 kB |
URL: [HTTP/1.1] syndication.realsrv.com/splash.php?idzone=4632846&cookieconsent=true | IP: 95.211.229.248:0 | ASN: #60781 LeaseWeb Netherlands B.V.
File type: XML 1.0 document text\012- XML document, ASCII text, with very long lines (1578)
Hash: MD5 d0aa4392d28a2cac7c8e65360d9a1dcf | SHA-1 aa3bb5bb0eeac65f2dc02c953902170c4d7a03fa | SHA-256 ab1f33cc034d355a3071d545278898bbe3dd4cad56625a18adbc1a6cf7cf967a
GET /splash.php?idzone=4632846&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 22:36:52 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; expires=Wed, 27 Nov 2024 22:36:52 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4632846%7C59493762%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6385380456f251.4648722220366360%7C%7C0%7Cgirlsrimguys.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 29 Nov 2022 22:36:52 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.girlsrimguys.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| s3t3d2y8.afcdn.net/library/426059/b68ca2a2743cb81d3de25dfcd492e5625b225ab4.webp | 185.76.9.21 | 200 OK | 9.7 kB |
URL: [HTTP/2] s3t3d2y8.afcdn.net/library/426059/b68ca2a2743cb81d3de25dfcd492e5625b225ab4.webp | IP: 185.76.9.21:0 | ASN: #60068 Datacamp Limited
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash: MD5 7f3b6d53f41c4e2c8bb111676a45a9c3 | SHA-1 b68ca2a2743cb81d3de25dfcd492e5625b225ab4 | SHA-256 686e47680678c07d558e848622d0f990ba6668214b93d46d148ac60af8bd3692
GET /library/426059/b68ca2a2743cb81d3de25dfcd492e5625b225ab4.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: image/webp
content-length: 9678
last-modified: Fri, 09 Sep 2022 14:47:32 GMT
etag: "631b5204-25ce"
expires: Tue, 28 Nov 2023 15:07:21 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701184364
server: CDN77-Turbo
x-77-nzt: AblMCRT9jHb/GGgAAA
x-77-nzt-ray: af5856306a9eec3904388563fb28e326
x-cache: HIT
x-age: 26648
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/426059/cfd0821f59440b70f71d289f50f5c4cecc432857.mp4 | 185.76.9.21 | 206 Partial Content | 30 kB |
URL: [HTTP/2] s3t3d2y8.afcdn.net/library/426059/cfd0821f59440b70f71d289f50f5c4cecc432857.mp4 | IP: 185.76.9.21:0 | ASN: #60068 Datacamp Limited
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash: MD5 01ff75b802f49864fde70de9cb2e6b0c | SHA-1 cfd0821f59440b70f71d289f50f5c4cecc432857 | SHA-256 633517df5f9bd7bb117a8917dce5c9a70f2603e43be9f2a5b55eaf66afcaa13e
GET /library/426059/cfd0821f59440b70f71d289f50f5c4cecc432857.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: video/mp4
content-length: 29888
last-modified: Wed, 03 Aug 2022 13:34:23 GMT
etag: "62ea795f-74c0"
expires: Fri, 27 Oct 2023 12:47:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701184086
server: CDN77-Turbo
x-77-nzt: AblMCRTXfYL/LmkAAA
x-77-nzt-ray: af5856306a9eec39043885635c506f27
x-cache: HIT
x-age: 26926
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-29887/29888
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/426059/7d79e2d332408b34ccbe25f58382a789d57c09d4.mp4 | 185.76.9.21 | 206 Partial Content | 23 kB |
URL: [HTTP/2] s3t3d2y8.afcdn.net/library/426059/7d79e2d332408b34ccbe25f58382a789d57c09d4.mp4 | IP: 185.76.9.21:0 | ASN: #60068 Datacamp Limited
File type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash: MD5 159d04aa596c13e2dc17b2cad8c2b38f | SHA-1 7d79e2d332408b34ccbe25f58382a789d57c09d4 | SHA-256 92dd517256b8ea456831ad8b5d689b6113a1768b1d60b0733d12d959f314f7e1
GET /library/426059/7d79e2d332408b34ccbe25f58382a789d57c09d4.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: video/mp4
content-length: 22821
last-modified: Tue, 06 Sep 2022 15:19:48 GMT
etag: "63176514-5925"
expires: Fri, 27 Oct 2023 12:47:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1701184546
server: CDN77-Turbo
x-77-nzt: AblMCRT6dJb/YmcAAA
x-77-nzt-ray: af5856306a9eec3904388563ca648827
x-cache: HIT
x-age: 26466
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-22820/22821
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/video-slider.js | 185.76.9.25 | 200 OK | 22 kB |
URL: [HTTP/2] a.realsrv.com/video-slider.js | IP: 185.76.9.25:0 | ASN: #60068 Datacamp Limited
File type: ASCII text, with very long lines (50799), with no line terminators
Hash: MD5 f5a9115317bf6d383ae41d3a54965dfd | SHA-1 7b5a353e2e0319ffdb5b64bb270022b2cafaf336 | SHA-256 81dee0f7fe1b47a4361c69c9d7fb094dd742bbd5a415313fe43039da78ff6d54
GET /video-slider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226385380458fdc7.171143383036233558%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript
etag: W/"df85cb3251e415fb570ae9b4dba"
expires: Mon, 28 Nov 2022 15:50:41 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669683059
server: CDN77-Turbo
x-77-nzt: AblMCRQlzkf/wQoAAA
x-77-nzt-ray: af585630429e2b360438856333df9620
x-cache: HIT
x-age: 2753
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 17c905b84a1c5c0bcfbd5d05298a1f29 | SHA-1 64488248a857125382bfa6a24ea8f86c45d65ae0 | SHA-256 f0884e1120fa21f8d6b3efbb7d90fc8d431b6051c60c9cc4073a6342673f4d0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2276
Cache-Control: max-age=150253
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "6384d70d-117"
Expires: Wed, 30 Nov 2022 16:21:05 GMT
Last-Modified: Mon, 28 Nov 2022 15:43:09 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
|
|
| go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&sourceId=4632846&p1=4581534&skipOffset=00:00:05 | 104.18.59.150 | 302 Found | 0 B |
URL HTTP/2go.xlivrdr.com/smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&sourceId=4632846&p1=4581534&skipOffset=00:00:05 IP104.18.59.150:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&sourceId=4632846&p1=4581534&skipOffset=00:00:05 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 22:36:52 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4632846&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://www.girlsrimguys.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=7868025.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pyQKQbvWFxeRue; SameSite=None; Secure; path=/; expires=Tue, 29-Nov-22 21:36:52 GMT; HttpOnly
server: cloudflare
cf-ray: 771695bd8fbcb4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 17c905b84a1c5c0bcfbd5d05298a1f29 | SHA-1 64488248a857125382bfa6a24ea8f86c45d65ae0 | SHA-256 f0884e1120fa21f8d6b3efbb7d90fc8d431b6051c60c9cc4073a6342673f4d0f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5181
Cache-Control: max-age=153158
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "6384d70d-117"
Expires: Wed, 30 Nov 2022 17:09:30 GMT
Last-Modified: Mon, 28 Nov 2022 15:43:09 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
|
|
| go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4632846&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 | 104.18.59.150 | 200 OK | 2.5 kB |
URL HTTP/2go.xlivrdr.com/api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4632846&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 IP104.18.59.150:0
File type: XML 1.0 document text\012- XML document, ASCII text, with very long lines (2178), with no line terminators
Hash: MD5 1345fc85b1cbd32dd1d4d3b3255e79e0 | SHA-1 435b2a0c629926eae7b92a5fdb1a28542a54c147 | SHA-256 4c9c5068f1750099ccc6e1cc6bba2d3599f0839c361241c9d835fd4ef8445291
GET /api/models/vast?campaignId=165aea9bcdd7aabac45f72d02f58fd24b8416bc57cfc540b1b4409ac823564af&campaignType=smartpop&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257107&masterSmartpopId=2683&memberId=ooc4ASOprontprdVdTdRZXO6VzqpbXUzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotqotlpqr4nqmjprptsnnnnlorrorlc6V3PZPik7_5Osseof3OdK6V0rpXSuldK6V0rg.w--&p1=4581534&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3564&sourceId=4632846&tag=-girls%2Findian&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.girlsrimguys.com
Referer: https://www.girlsrimguys.com/
Connection: keep-alive
Cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7pyQKQbvWFxeRue
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.girlsrimguys.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 771695bddffbb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hqq.to/js/video.jquery_plugs/modernizr.js?12 | 190.115.19.71 | 200 OK | 652 B |
URL: [HTTP/2] hqq.to/js/video.jquery_plugs/modernizr.js?12 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
File type: ASCII text, with very long lines (1227), with no line terminators
Hash: MD5 aecce2cd69440bcd1b71a8f0ce204922 | SHA-1 7bf5702d34c33349bead0bb2cb7ad2200d699196 | SHA-256 b9159c2d62fb50c02489b011962ed2549515067437b550834432787ff25a5dfb
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=sr3sGJsTGfc6v5fabsbm; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 3671460
ddg-cache-status: HIT,MISS
content-length: 652
X-Firefox-Spdy: h2
|
|
| hqq.to/js/d_check.js?34 | 190.115.19.71 | 200 OK | 1.0 kB |
IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
File type: ASCII text, with very long lines (821)
Hash: MD5 841e4af4332ce934406a4e59a063aa98 | SHA-1 fd8429c4c48157e134268b448d713b642f461af6 | SHA-256 fde29879f9e4795b74c36aa1a23b32f35f5f67131fc914be72e42f1fff8740d3
GET /js/d_check.js?34 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=sn00a1ylGLyjYGeFTx2Z; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 17 Oct 2022 10:54:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 3670925
ddg-cache-status: HIT,MISS
content-length: 1028
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 ebda5539b32fd20ab6af182e1bc1e20b | SHA-1 4dd11178830150371e491ff52718a5f32b7e6169 | SHA-256 7dde43dd3acc5353cc49b96dbced0a6995e47f52b4a055c6d4b35ab44e8f5fca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 991
Cache-Control: max-age=146080
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "6384cbc5-117"
Expires: Wed, 30 Nov 2022 15:11:32 GMT
Last-Modified: Mon, 28 Nov 2022 14:55:01 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 ebda5539b32fd20ab6af182e1bc1e20b | SHA-1 4dd11178830150371e491ff52718a5f32b7e6169 | SHA-256 7dde43dd3acc5353cc49b96dbced0a6995e47f52b4a055c6d4b35ab44e8f5fca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 991
Cache-Control: max-age=146080
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "6384cbc5-117"
Expires: Wed, 30 Nov 2022 15:11:32 GMT
Last-Modified: Mon, 28 Nov 2022 14:55:01 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 279
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 9afed9a93c273c5350f2f0eaa8777947 | SHA-1 cb78f9d742387b308ce13c4a2ebb597a1aed2cb2 | SHA-256 d3754fbc628af058d0619ed54dfed7176036dfac127cb67cb0046a9141acd8b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6180
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Last-Modified: Mon, 28 Nov 2022 20:53:52 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 279
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: MD5 ebda5539b32fd20ab6af182e1bc1e20b | SHA-1 4dd11178830150371e491ff52718a5f32b7e6169 | SHA-256 7dde43dd3acc5353cc49b96dbced0a6995e47f52b4a055c6d4b35ab44e8f5fca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3025
Cache-Control: max-age=148114
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:52 GMT
Etag: "6384cbc5-117"
Expires: Wed, 30 Nov 2022 15:45:26 GMT
Last-Modified: Mon, 28 Nov 2022 14:55:01 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
|
|
| hqq.to/js/embed.205.js?736 | 190.115.19.71 | 200 OK | 40 kB |
URL: [HTTP/2] hqq.to/js/embed.205.js?736 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
File type: Unicode text, UTF-8 text, with very long lines (3414)
Hash: MD5 a90103e09bb84e7a40056290782919c7 | SHA-1 6df1efda05907116927ee40e029c3f28cb401340 | SHA-256 7dc905c2441e5b327b9509396140a655251f9e94c56c80f54b684db09024efd8
GET /js/embed.205.js?736 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=0S81OhwPRB31MW1S53yM; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 3671460
ddg-cache-status: HIT,MISS
content-length: 39845
X-Firefox-Spdy: h2
|
|
| hqq.to/js/adv/fuckadblock.js?2 | 190.115.19.71 | 200 OK | 3.5 kB |
URL: [HTTP/2] hqq.to/js/adv/fuckadblock.js?2 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
File type: ASCII text, with CRLF line terminators
Hash: MD5 ec1ee09f3fac94172cb7563a95812487 | SHA-1 77b7090fc3bb4431371fa6ed84e2623dd0015c30 | SHA-256 94db3115fa9ba527b159c6c3d3b928c585774be570300801d274eac81806eda0
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=fTjTlbMXoBR5OY8Atfnp; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 3671460
ddg-cache-status: HIT,MISS
content-length: 3525
X-Firefox-Spdy: h2
|
|
| commentsengine.com/js/js.load.1.js?7827369974205244 | 172.67.190.246 | 200 OK | 0 B |
URL: [HTTP/2] commentsengine.com/js/js.load.1.js?7827369974205244 | IP: 172.67.190.246:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/js.load.1.js?7827369974205244 HTTP/1.1
Host: commentsengine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 15124337
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upPsLXfuZ2CbiQQ2nP8C4ENkGcCoI1zhry%2BWHaeKA5jist5DMssEAXj69mTS%2FX7waLyz236zCX5ad82VZnaZQh2kPPhC6MBEHxnM4dYunG65gqBxQxxkrslB4EJKro%2Beu83ElUE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695beeccffabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 345 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash363326d387ba196cf350a6591063b25a e2f9f5cb1d3e27eb5e28514fc08317e2a3fed968 c1a173082c27df9373ba3de32ad5bb0e6f61b132e303bdca09123491c7fb7cde
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C1A173082C27DF9373BA3DE32AD5BB0E6F61B132E303BDCA09123491C7FB7CDE"
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8765
Expires: Tue, 29 Nov 2022 01:02:57 GMT
Date: Mon, 28 Nov 2022 22:36:52 GMT
Connection: keep-alive
|
|
| unpkg.com/jquery@2.2.4/dist/jquery.min.js | 104.16.125.175 | 200 OK | 31 kB |
URL HTTP/2unpkg.com/jquery@2.2.4/dist/jquery.min.js IP104.16.125.175:0
File typeASCII text, with very long lines (32065) Hashb04b9d941ba88aec4c0fe6a9c3a09135 b9c565d06a5aec6e011da7cca83b9009fc9c0415 d7753c8fb7202a5aeff67c3c790056d99abb0f5370ab99fa7478e0b6307480c5
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 12718513
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 771695bf19afb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1 | 190.115.19.71 | 200 OK | 43 kB |
URL HTTP/2hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1 IP190.115.19.71:0 ASN#262254 DDOS-GUARD CORP.
Hasheaa2045b1fbfb18a10dfadfffa559961 18a9e80c10972432e7c6ab2099337adcb1e9f2db 31640f9e815c3eadd36c7cc7f5842a91f383ba348f4b844d2c15984d737704cc
GET /player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=Ey4BeupfsI2vGTv1OSMQ; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: EXPIRED
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
|
|
| hqq.to/cdn-cgi/trace | 190.115.19.71 | 404 Not Found | 599 B |
IP190.115.19.71:0 ASN#262254 DDOS-GUARD CORP.
File type: HTML document text / HTML document text / HTML document, ASCII text, with CRLF line terminators | Hash (MD5 / SHA-1 / SHA-256): 4436ca85b8c4a29c1de308f3d4aa7561 27a6e781f35dc1f7afe94ccabe39a0f30b843df8 195bf21ff10cace5b301e7aaba861bf70d13b76e9de82d75642598867f5a01d3
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Cookie: uid=BjXZMrTtpNjsE0YdbEu0CU8P7jfEO27g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=S823jH4KTzRlB5JuOFhk; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:53 GMT
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js | 173.233.137.44 | 200 OK | 12 kB |
URL: HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js | IP: 173.233.137.44:0
Hash (MD5 / SHA-1 / SHA-256): f0f5fb7c28784647f2420e856247050c b2112be8a991283b1b1900125147b2ba2ec6217e 36592b3d8c02c9d9a94236a4b01f3f09528ae1d50d1a80d27295fffacf96a4ee
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 28 Nov 2022 22:36:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9c00588ee4e1aa80bfbc4fd335e4e5da
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaebda342a81ad83f60d2523f54ccda67 e590d9326e4a283e0929a8ffccb13cc4308af0e6 bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9726
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaebda342a81ad83f60d2523f54ccda67 e590d9326e4a283e0929a8ffccb13cc4308af0e6 bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9726
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaebda342a81ad83f60d2523f54ccda67 e590d9326e4a283e0929a8ffccb13cc4308af0e6 bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9726
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaebda342a81ad83f60d2523f54ccda67 e590d9326e4a283e0929a8ffccb13cc4308af0e6 bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9726
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashaebda342a81ad83f60d2523f54ccda67 e590d9326e4a283e0929a8ffccb13cc4308af0e6 bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9726
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg | 34.120.237.76 | 200 OK | 4.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha4058fd62595d15c58b3d3266de9865a d0dff35eb78f129b5da407043037bcf9c27e55c0 ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:56:43 GMT
age: 49210
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg | 34.120.237.76 | 200 OK | 4.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg IP34.120.237.76:0
Hashd8b5533a2a6c741def33dd4c0f434e45 80623ae3ba7b0ba3d08054f2588720e96daf5783 50f12ec44a886e330a77efe3cac405fee3dd6e7755cdf1cdeaa013325750c56c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4862
x-amzn-requestid: 17c6fb35-2dc8-45e4-a226-a74ba94323b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYlHXxIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5d0-5a0f4f667a3747166eb2b338;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ImCYNlZ1ri4mMpJhMnoucEoQPgKly8gj7KvMPFYb6WpsoJ18WyFog==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 13:28:25 GMT
age: 32908
etag: "a6c7a59a6599ece2cf0e76c778c920dea94ff469"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg | 34.120.237.76 | 200 OK | 8.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash7e44c46db2ac9917110dc47aa38fdc85 b5b245c90705ad80c31d457c0d7c96709ca31e96 5024225a583b188860eaf21f7196c06cef8b2e89389ae4b1df6e314399f3b2ae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8796
x-amzn-requestid: 2eed036c-fcda-425b-8c5d-0b0ff31214a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEEWMIAMFwKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-5cb071a2098d43d909eb8d5c;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uWzs8gOBoczTeYXB7-FfJemWbh-hYHwNcR3b9BM5VtJ55NRUzCZeTQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 14:56:22 GMT
age: 27631
etag: "b5b245c90705ad80c31d457c0d7c96709ca31e96"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b0dcfcd-38d5-4614-ad4e-405d8ad4ee91.jpeg | 34.120.237.76 | 200 OK | 6.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b0dcfcd-38d5-4614-ad4e-405d8ad4ee91.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashb5e2bc1651b37b8e0467c2a6cb860fb3 3348f081a3357490a704592d105d02e81886df89 751c601e075c9338335c05b0f430ba8065b4e97440e6630993afd943f302b253
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b0dcfcd-38d5-4614-ad4e-405d8ad4ee91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6037
x-amzn-requestid: eb17903e-1fd3-4a41-a6d1-8b671d890400
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPAJjFa3oAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382ad70-3db95fcd1aeb9c411c55d173;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 00:21:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NqtaziEIRl6auIGehos7TAJfBAY3CtGJX0vC-pWhjs377L_rEyM6hg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 10:14:18 GMT
age: 44555
etag: "3348f081a3357490a704592d105d02e81886df89"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash516776052e5e906ea9f42d25bae5cc85 be4c4d01fc67218e26a3e9d27a2f708e639c9d4b 28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ieDA8l_Up51cFaB9IExlSs8A5m-H77va1rCVF_WRMg_FN53Xakipuw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:55 GMT
age: 2998
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash415b1b1d5a29fc17b4114bb3df1d1c22 600859401c885cc2cdd1f199cccc198eb41d6a04 abfbf4ecf2423736a29686859f6a8f2b77204b48f3f60d208f6d491e80611e7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7549
x-amzn-requestid: bb37235a-8c7d-47fe-abb6-6cc633560165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP-7lHmsoAMF9lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638311e3-1f2a4abc40119f3e026dc393;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:29:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ds96jURZ0epaXMg2oTUETRQCpHwlVJrl5hTqvpUAWEGVa5rbDve1FA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:42 GMT
age: 3011
etag: "600859401c885cc2cdd1f199cccc198eb41d6a04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 345 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash55703d3bfe2eb684148ed6c064f04955 7ebd83b433d0f21d992c54c5cb686fac8031a0cf ace43109e30792780c3b526994d017abac37d7bedec0382de7b0fb3a10d62041
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9282
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:36:53 GMT
Connection: keep-alive
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.156 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.156:0
Hash94d394d6beaad25971b7f1e02d93b841 07359fac8e3e5c10dee86bdb0d2a468ab90d8f9a 06c4f25efd09668ee6bc8cc7b4d278841c5abb5d31c0e029cda8b43c4ee4a489
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145737
Date: Mon, 28 Nov 2022 22:36:53 GMT
Etag: "6384b816-1d7"
Expires: Wed, 30 Nov 2022 15:05:50 GMT
Last-Modified: Mon, 28 Nov 2022 13:31:02 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: a87TTKeAAXMt9bowTdCk4l18aUxlQzVW7UPjX8XXvDPkC1UfjM7MEQ==
Age: 5688
|
|
| simplewebanalysis.com/stats | 18.185.190.54 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP18.185.190.54:0
File typeASCII text, with no line terminators Hash9154707e692e32a274e013974d3155fc b2ce6c760932f93a303451d7391a67c766b6e427 1098f51ce802cb6e45f5b61b5a1e4bb09f6ea7654c92d0a089efae024784c9b9
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:54 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
set-cookie: uid_id2=de78c688-c46a-44d4-bbe6-5a912a2af21c:3:1; expires=Thu, 25 Nov 2032 22:36:54 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 345 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash55703d3bfe2eb684148ed6c064f04955 7ebd83b433d0f21d992c54c5cb686fac8031a0cf ace43109e30792780c3b526994d017abac37d7bedec0382de7b0fb3a10d62041
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:36:54 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashe946cb0c788ecef674c6c56fd2481db7 19342e6b84f6faa4ef532d995ca5a914d32e0672 3e87cec29350a8b24a5759e6fdb0e6298a581186294cf9d869dca0015d08b8f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E87CEC29350A8B24A5759E6FDB0E6298A581186294CF9D869DCA0015D08B8F3"
Last-Modified: Sun, 27 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5899
Expires: Tue, 29 Nov 2022 00:15:13 GMT
Date: Mon, 28 Nov 2022 22:36:54 GMT
Connection: keep-alive
|
|
| specialistinsensitive.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js | 192.243.61.225 | 200 OK | 29 kB |
URL: HTTP/1.1 specialistinsensitive.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js IP: 192.243.61.225:0 ASN: #39572 DataWeb Global Group B.V.
File type: HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 3e3c679aef1202931ecdd1a617c67dee SHA1 ee62793e30f4d45c339bd9ff6c676db0fc4f8b13 SHA256 f95d95e768258f12d79bf24236938e9121712ddaabfc9f0530492884b76184e3
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d030118459c636b0a3b14667257fab78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| specialistinsensitive.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c%3A3%3A1 | 192.243.61.225 | 200 OK | 4.1 kB |
URL: HTTP/1.1 specialistinsensitive.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c%3A3%3A1 IP: 192.243.61.225:0 ASN: #39572 DataWeb Global Group B.V.
File type: JSON data\012- , ASCII text, with very long lines (5769), with no line terminators
Hash: MD5 2eb535971844e521d1633e7c203e8a36 SHA1 bd255e2541db6f909e573af96a0193e5ab26b429 SHA256 6b66fcb3d1856886caffe185210c63f6fd0013669531a318117111023768880c
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c%3A3%3A1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://hqq.to
Access-Control-Allow-Origin: https://hqq.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Tue, 29 Nov 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: uid_id2=de78c688-c46a-44d4-bbe6-5a912a2af21c:3:1; expires=Mon, 05 Dec 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Tue, 29 Nov 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Tue, 29 Nov 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Tue, 29 Nov 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Tue, 29 Nov 2022 22:36:54 GMT; secure; SameSite=None
Set-Cookie: sleca6b0b8925d9b3a4154c035c24b4ed97e=[3396716]; expires=Mon, 28 Nov 2022 22:36:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81059eef93af1223319011be61a54d7f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP93.184.220.29:0
Hash9d2b8a315aaa2b317658a5547e978775 38be122464d146fffa22e41fb7b4fd8d878061e5 105a6791b0320420d2607027e646f2eb24526b690affb500c4d8184f3194567e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3608
Cache-Control: max-age=161306
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:54 GMT
Etag: "6384fd08-117"
Expires: Wed, 30 Nov 2022 19:25:20 GMT
Last-Modified: Mon, 28 Nov 2022 18:25:12 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
|
|
| specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTqIGvKh4URTm4EHBne3u6Z4f5hCMMRJMsksS2ZNg%2FerZcmu6OlXd07N7WhKUHMebx943u1miiyTgNSCzgsiC4CjIQNz%2FQYScPMjsDox%2Bh%2F6%2B1%2B87vPe%2B%2BnKnOCY%2BCjpdvW62lNZ0Oa77tbfXVCpM6Wo3btcCv%2B5fqK2ptBldqA1mH9t%2FL%2FDjuv9O7SPJN8xy6Ae%2BH%2FhB7YqyMjGD5RMWKjvoBPWOX4%2FCehBHGNj%2FY1d4cNSD6B%2BTV6DE5Ln1nx9D8THS3qPL0m3kJnv3w16haW4s%2BmL%2Fk3QjNWWK3mJMrIck3Z9vw7gJIV%2BfgUn35w5g%2BrszB2BqQrw%2FArB0fy4TrL93qpRpyBRMvIiyP4bUYyg6Bjf3oMSvBOACN1aQ9h7cMLakm6csnbETcu7Z31DlhJz781Wkve8uaTWo3TK6yJVJHQZJBTUYQ3XHyIpD5FseVHkInt%2BFEr%2BQ5WfXkPZ2V5w2UGL6lpCtNm%2B220s8atKlKBLREmOyuRTTThDSkCZhwE8iUmoMlYyh5RDUnUXhPBTKQ5F4KDIPPTGt0biT%2BH4rYUmj0Y44540G53G7KWLRiNqJj4LPPAyRZ0NwPQS328jsNjbUELb4AW69ghMeXE7QFxVKSVA6gpISlIqgzAnKfrUntAtd9UBoV7Bg3sN5b1Qjk3d36J7JuzIlO9kxeXkWnHf%2B7gE25LRGm8xn7U4Yiw5r0CiII%2B43Yh5GLJKi05JwqoJyZ0Cdhy01IW88qSNTE%2FLCp0%2FB6CGcPgRXL4EWb4KWo1bog66PoraPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50csPG7huRHFz9j1yd%2FPfwH3FbIbIXP1Y8EXX1%2FdNOUZPemKR15vJLlqqe26Oy4t3Kay7PffCw3S2PF1ctu%2BPB9PiNm48Ft6fJrNBUq7Try7SUlhLRXjOWSPLnq1iRbLdz6pcKmRXZt9YMrV3uZlc4pk45B1YSQn47A1YSc%2F3568nBff%2FoIyo5hiwq94ojMC8ocgmfbcNlCvzMEVi92WOahLKqRDdnip1YEWi4wZRXcfzBbzDvuPrrWA83vIe1V6NsKfV2B6iFccXaUZ%2Fbo4m%2BNkwLT3ohp6%2B0ybfVXp%2BE6Na3JOPET6YeSJR2WtKgvOknUYbQTyBaLaYDcTfgX7ef%2FBQAA%2F%2F8BAAD%2F%2Fwzn%2BeuQBAAA | 192.243.61.225 | 200 OK | 7 B |
URL HTTP/1.1specialistinsensitive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTqIGvKh4URTm4EHBne3u6Z4f5hCMMRJMsksS2ZNg%2FerZcmu6OlXd07N7WhKUHMebx943u1miiyTgNSCzgsiC4CjIQNz%2FQYScPMjsDox%2Bh%2F6%2B1%2B87vPe%2B%2BnKnOCY%2BCjpdvW62lNZ0Oa77tbfXVCpM6Wo3btcCv%2B5fqK2ptBldqA1mH9t%2FL%2FDjuv9O7SPJN8xy6Ae%2BH%2FhB7YqyMjGD5RMWKjvoBPWOX4%2FCehBHGNj%2FY1d4cNSD6B%2BTV6DE5Ln1nx9D8THS3qPL0m3kJnv3w16haW4s%2BmL%2Fk3QjNWWK3mJMrIck3Z9vw7gJIV%2BfgUn35w5g%2BrszB2BqQrw%2FArB0fy4TrL93qpRpyBRMvIiyP4bUYyg6Bjf3oMSvBOACN1aQ9h7cMLakm6csnbETcu7Z31DlhJz781Wkve8uaTWo3TK6yJVJHQZJBTUYQ3XHyIpD5FseVHkInt%2BFEr%2BQ5WfXkPZ2V5w2UGL6lpCtNm%2B220s8atKlKBLREmOyuRTTThDSkCZhwE8iUmoMlYyh5RDUnUXhPBTKQ5F4KDIPPTGt0biT%2BH4rYUmj0Y44540G53G7KWLRiNqJj4LPPAyRZ0NwPQS328jsNjbUELb4AW69ghMeXE7QFxVKSVA6gpISlIqgzAnKfrUntAtd9UBoV7Bg3sN5b1Qjk3d36J7JuzIlO9kxeXkWnHf%2B7gE25LRGm8xn7U4Yiw5r0CiII%2B43Yh5GLJKi05JwqoJyZ0Cdhy01IW88qSNTE%2FLCp0%2FB6CGcPgRXL4EWb4KWo1bog66PoraPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50csPG7huRHFz9j1yd%2FPfwH3FbIbIXP1Y8EXX1%2FdNOUZPemKR15vJLlqqe26Oy4t3Kay7PffCw3S2PF1ctu%2BPB9PiNm48Ft6fJrNBUq7Try7SUlhLRXjOWSPLnq1iRbLdz6pcKmRXZt9YMrV3uZlc4pk45B1YSQn47A1YSc%2F3568nBff%2FoIyo5hiwq94ojMC8ocgmfbcNlCvzMEVi92WOahLKqRDdnip1YEWi4wZRXcfzBbzDvuPrrWA83vIe1V6NsKfV2B6iFccXaUZ%2Fbo4m%2BNkwLT3ohp6%2B0ybfVXp%2BE6Na3JOPET6YeSJR2WtKgvOknUYbQTyBaLaYDcTfgX7ef%2FBQAA%2F%2F8BAAD%2F%2Fwzn%2BeuQBAAA IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31 SHA1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 SHA256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTqIGvKh4URTm4EHBne3u6Z4f5hCMMRJMsksS2ZNg%2FerZcmu6OlXd07N7WhKUHMebx943u1miiyTgNSCzgsiC4CjIQNz%2FQYScPMjsDox%2Bh%2F6%2B1%2B87vPe%2B%2BnKnOCY%2BCjpdvW62lNZ0Oa77tbfXVCpM6Wo3btcCv%2B5fqK2ptBldqA1mH9t%2FL%2FDjuv9O7SPJN8xy6Ae%2BH%2FhB7YqyMjGD5RMWKjvoBPWOX4%2FCehBHGNj%2FY1d4cNSD6B%2BTV6DE5Ln1nx9D8THS3qPL0m3kJnv3w16haW4s%2BmL%2Fk3QjNWWK3mJMrIck3Z9vw7gJIV%2BfgUn35w5g%2BrszB2BqQrw%2FArB0fy4TrL93qpRpyBRMvIiyP4bUYyg6Bjf3oMSvBOACN1aQ9h7cMLakm6csnbETcu7Z31DlhJz781Wkve8uaTWo3TK6yJVJHQZJBTUYQ3XHyIpD5FseVHkInt%2BFEr%2BQ5WfXkPZ2V5w2UGL6lpCtNm%2B220s8atKlKBLREmOyuRTTThDSkCZhwE8iUmoMlYyh5RDUnUXhPBTKQ5F4KDIPPTGt0biT%2BH4rYUmj0Y44540G53G7KWLRiNqJj4LPPAyRZ0NwPQS328jsNjbUELb4AW69ghMeXE7QFxVKSVA6gpISlIqgzAnKfrUntAtd9UBoV7Bg3sN5b1Qjk3d36J7JuzIlO9kxeXkWnHf%2B7gE25LRGm8xn7U4Yiw5r0CiII%2B43Yh5GLJKi05JwqoJyZ0Cdhy01IW88qSNTE%2FLCp0%2FB6CGcPgRXL4EWb4KWo1bog66PoraPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50csPG7huRHFz9j1yd%2FPfwH3FbIbIXP1Y8EXX1%2FdNOUZPemKR15vJLlqqe26Oy4t3Kay7PffCw3S2PF1ctu%2BPB9PiNm48Ft6fJrNBUq7Try7SUlhLRXjOWSPLnq1iRbLdz6pcKmRXZt9YMrV3uZlc4pk45B1YSQn47A1YSc%2F3568nBff%2FoIyo5hiwq94ojMC8ocgmfbcNlCvzMEVi92WOahLKqRDdnip1YEWi4wZRXcfzBbzDvuPrrWA83vIe1V6NsKfV2B6iFccXaUZ%2Fbo4m%2BNkwLT3ohp6%2B0ybfVXp%2BE6Na3JOPET6YeSJR2WtKgvOknUYbQTyBaLaYDcTfgX7ef%2FBQAA%2F%2F8BAAD%2F%2Fwzn%2BeuQBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=de78c688-c46a-44d4-bbe6-5a912a2af21c:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93d4c742d8dd08386b26a83375f98421
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| e1.o.lencr.org/ | 23.36.76.226 | 200 OK | 345 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash3c6c713a6e569b6be734df3c5442f6d4 43dcd58bac78d858d9803004bb155b3828b96768 dd4366f4e239f7d5d0f9cc61a611dd994ac8b25ec0faa273f2c85c19b41dfa87
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DD4366F4E239F7D5D0F9CC61A611DD994AC8B25EC0FAA273F2C85C19B41DFA87"
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8908
Expires: Tue, 29 Nov 2022 01:05:22 GMT
Date: Mon, 28 Nov 2022 22:36:54 GMT
Connection: keep-alive
|
|
| cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg | 172.64.108.13 | 200 OK | 22 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg IP172.64.108.13:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data Hashe1f754e6014f2a7636aa19acdf37eaa7 72ded7fb65560b2702630d5208386654f294e8e9 8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:55 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1154737
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xN1wBx2jnsJ49%2BvzDjwWPlxEL2XY5UtnFfOjGpID69MUxbrTb2CGrrtV3lHJwsg3WuDrlYT2t7m12bwHPckFrXdgS2m4bF9J4ZrMXyWJMdD37fwKFHHojhw1LsJsSlq0qWJ9KA42lAWo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695cbfb5706c9-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html | 172.67.74.218 | 200 OK | 5.7 kB |
URL HTTP/2cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html IP172.67.74.218:0
File typeHTML document text\012- HTML document, ASCII text Hash930306470f351756e837f29416e8fe66 4a610626ca5a558d3a89abe26e6c5fa226325cc3 ed5f40a1a656bbae8938cdedd784c509e1754ab3cf55ceec89718d67e4a98618
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:54 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1490516
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvwdqiO2e0KSEPfnTLXKDpv08BUZmPXS7ITfW%2BVvu1HCEkP7BrTEfSgi3scVLbZXN1sp92FakTyZsFHmmFSo9SrFS0iYTQ%2Fv1WrLZxWz6wQ4%2F5784%2BNjecPS6A23%2ByiXBTQYzm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695cb087db4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css | 172.64.108.13 | 200 OK | 1.4 kB |
URL HTTP/2cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css IP172.64.108.13:0
Hash6a10d580f4108c14fa0898addb3747b8 ab0e0d2dc4e5ce7e1e49cbc2390bd0fe2451be86 b0a7a2b6a3f202322a36fd41d1cedd55e5210903fc7c870ec2986bee217a3c04
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:55 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 383878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYmb97qTkHMMtV%2Fgj6pBTVy75BUVIg4NSWiWgN3FsdgawAOCXD%2FBNHu16%2B33QIiwEa4M2EzBLqBTTEMmTwNbymfwJaNh7ZVq8IyZYgfyhwkYbds7jCfKnEGil9P53Aa2N8cscj9K1tWr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695cbdb3906c9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.10 | 200 OK | 1.1 kB |
URL HTTP/2fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP142.250.74.10:0
Hash0291e96f1c77dd241cf1f1cae26b1df0 ef3f9bfee08fdf28d39d2aa6da537564f4974706 26a01e19d2a8e2876801409a33ab40d0bf903dd33dbd34f98fb4511fb9119291
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:36:55 GMT
date: Mon, 28 Nov 2022 22:36:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash150ea2873eff251c72d1decbf77f983b 490f1e694eac882e2939c95d7a294bfb85c45670 8c7069c27bff404a4e5cfa31f0405bc2bec2838a0be469e06effc33574290634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C7069C27BFF404A4E5CFA31F0405BC2BEC2838A0BE469E06EFFC33574290634"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14216
Expires: Tue, 29 Nov 2022 02:33:51 GMT
Date: Mon, 28 Nov 2022 22:36:55 GMT
Connection: keep-alive
|
|
| integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1872&rd=1872&fd=855&bv=22.10.v.10&tmpl=136 | 173.233.137.44 | 200 OK | 0 B |
URL: HTTP/1.1 integrityprinciplesthorough.com/pixel/purst?dl=0&th=0&sc=0&rs=1872&rd=1872&fd=855&bv=22.10.v.10&tmpl=136 IP: 173.233.137.44:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=1872&rd=1872&fd=855&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: integrityprinciplesthorough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 28 Nov 2022 22:36:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hashcd0a5be4865b85e858cfcaafa90f8dca 122569d314b0900b1f5e5f58cdad0d9fc16b7e1b 624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash49eee25f3ccd585a29e34e80cf5bb160 73eca8be91deedd049304862759a3d8084c0b07e 531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.195 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hqq.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:08 GMT
expires: Thu, 23 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 442967
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.195 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hqq.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 445386
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| specialistinsensitive.com/pixel/sbs?c=1 | 192.243.61.225 | 200 OK | 0 B |
URL: HTTP/1.1 specialistinsensitive.com/pixel/sbs?c=1 IP: 192.243.61.225:0 ASN: #39572 DataWeb Global Group B.V.
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/sbs?c=1 HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=de78c688-c46a-44d4-bbe6-5a912a2af21c:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRi9r61acKPiRlGYhQsFM3m%2FZuaNXRRrrRTbJrSVrATvr5lcc%2Bfd13vfmzfJKrQoXY47ly9nkoZqkBbcFmQiiAQER0EGav4HEbpyIZMMjH6L933nnW9xzvnulzvFMfFR0OnqdbOltKbLjbpfe3tNpcKUrnbjdi3w6%2F6F2ppKm%2FGF2mD2sf33Ar9R99%2BpfST5hlkO%2FcD3Az%2BoXVFWdsxg%2BYSFyg7aQb3t1%2BOwHjRiDOz%2FsSs8OOpB9I%2FJK1Bi8tz6z4%2Bh%2BBhp79Fl6TZyk737Ya%2FQNDcWfbH%2FSbqRmjJFbzF2rIdOuj%2FfhnETQr4%2BA5Puzx3A9HdnDsDUhHh%2FBGDp%2FlwmWH%2FvVCnTkCmYeBFlfwypx1B0DG7uQYlfCcAFbqwg7T24YWxJN09ZOmMn5Nyzv6HKCTn356tIe99d0mpQu2V0kSuTOgw6FdRgDNUdIysOkW95UOUheH4XSvxClp9dQ9rbXXHaQInpW0K2Et5MkiUeN%2BlSHIt4iTHZXGrQdhDSkHbCgJ9EpNQYqjOGlkNQdxaF81AoD0XHQ5F56IlpjTbaHd9vdVgnipKYcx5FnDeSpmiIKE46Pgo%2B8zBEng3B9RDcbiOz29hQQ9jiB7j1Ck54cDlBX1QoJUHpCEpKUCqCMico%2B9We0C501QOhXcGCeQ%2FnPapGJu%2Fu0D2Td2VKdrJj8vIsOO%2F83QNsyGmNNpnPknbYEG0W0ThoxNyPGjyMWSxFuyXhVAXlzoA6D1tqQt54UkemJuSFT5%2BC0UM4fQiuXgIt3gQtR63QB10fxYmPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50cMPpdQ%2FKji5%2Bx65O%2FHv4DbitktsLn6keCrr4%2FumlKsnvTlI48Xsly1VNbdHbcWznN5dlvPpabpbHi6mU3fPg%2BnxGz8eC2dPk1mgqVdh359pISQtorxnJJnlx1a5KtFm79UmHTIru2%2BsGVq73MSueUScegakLIT0fgakLOfz89ebivP30EZcewRYVecUTmBWUOwbNtuGyh3xkCqxc7LPNQFtXIhmzxUysCLReYsgruP5gt5h13H13rgeb3kPYq9G2Fvq5A9RCuODvKM3t08bfopMC0N2LaertMW%2F3VabhOTWuNIJYJS1pcCCa5CFphlES%2BHwoRt9oyaCN3E%2F5F8vy%2FAAAA%2F%2F8BAAD%2F%2Fxjvdw2QBAAA | 192.243.61.225 | 200 OK | 7 B |
URL HTTP/1.1specialistinsensitive.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRi9r61acKPiRlGYhQsFM3m%2FZuaNXRRrrRTbJrSVrATvr5lcc%2Bfd13vfmzfJKrQoXY47ly9nkoZqkBbcFmQiiAQER0EGav4HEbpyIZMMjH6L933nnW9xzvnulzvFMfFR0OnqdbOltKbLjbpfe3tNpcKUrnbjdi3w6%2F6F2ppKm%2FGF2mD2sf33Ar9R99%2BpfST5hlkO%2FcD3Az%2BoXVFWdsxg%2BYSFyg7aQb3t1%2BOwHjRiDOz%2FsSs8OOpB9I%2FJK1Bi8tz6z4%2Bh%2BBhp79Fl6TZyk737Ya%2FQNDcWfbH%2FSbqRmjJFbzF2rIdOuj%2FfhnETQr4%2BA5Puzx3A9HdnDsDUhHh%2FBGDp%2FlwmWH%2FvVCnTkCmYeBFlfwypx1B0DG7uQYlfCcAFbqwg7T24YWxJN09ZOmMn5Nyzv6HKCTn356tIe99d0mpQu2V0kSuTOgw6FdRgDNUdIysOkW95UOUheH4XSvxClp9dQ9rbXXHaQInpW0K2Et5MkiUeN%2BlSHIt4iTHZXGrQdhDSkHbCgJ9EpNQYqjOGlkNQdxaF81AoD0XHQ5F56IlpjTbaHd9vdVgnipKYcx5FnDeSpmiIKE46Pgo%2B8zBEng3B9RDcbiOz29hQQ9jiB7j1Ck54cDlBX1QoJUHpCEpKUCqCMico%2B9We0C501QOhXcGCeQ%2FnPapGJu%2Fu0D2Td2VKdrJj8vIsOO%2F83QNsyGmNNpnPknbYEG0W0ThoxNyPGjyMWSxFuyXhVAXlzoA6D1tqQt54UkemJuSFT5%2BC0UM4fQiuXgIt3gQtR63QB10fxYmPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50cMPpdQ%2FKji5%2Bx65O%2FHv4DbitktsLn6keCrr4%2FumlKsnvTlI48Xsly1VNbdHbcWznN5dlvPpabpbHi6mU3fPg%2BnxGz8eC2dPk1mgqVdh359pISQtorxnJJnlx1a5KtFm79UmHTIru2%2BsGVq73MSueUScegakLIT0fgakLOfz89ebivP30EZcewRYVecUTmBWUOwbNtuGyh3xkCqxc7LPNQFtXIhmzxUysCLReYsgruP5gt5h13H13rgeb3kPYq9G2Fvq5A9RCuODvKM3t08bfopMC0N2LaertMW%2F3VabhOTWuNIJYJS1pcCCa5CFphlES%2BHwoRt9oyaCN3E%2F5F8vy%2FAAAA%2F%2F8BAAD%2F%2Fxjvdw2QBAAA IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash: MD5 132d6af1b46048b45cf86cdee7991d31 SHA1 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 SHA256 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2tcVRi9r61acKPiRlGYhQsFM3m%2FZuaNXRRrrRTbJrSVrATvr5lcc%2Bfd13vfmzfJKrQoXY47ly9nkoZqkBbcFmQiiAQER0EGav4HEbpyIZMMjH6L933nnW9xzvnulzvFMfFR0OnqdbOltKbLjbpfe3tNpcKUrnbjdi3w6%2F6F2ppKm%2FGF2mD2sf33Ar9R99%2BpfST5hlkO%2FcD3Az%2BoXVFWdsxg%2BYSFyg7aQb3t1%2BOwHjRiDOz%2FsSs8OOpB9I%2FJK1Bi8tz6z4%2Bh%2BBhp79Fl6TZyk737Ya%2FQNDcWfbH%2FSbqRmjJFbzF2rIdOuj%2FfhnETQr4%2BA5Puzx3A9HdnDsDUhHh%2FBGDp%2FlwmWH%2FvVCnTkCmYeBFlfwypx1B0DG7uQYlfCcAFbqwg7T24YWxJN09ZOmMn5Nyzv6HKCTn356tIe99d0mpQu2V0kSuTOgw6FdRgDNUdIysOkW95UOUheH4XSvxClp9dQ9rbXXHaQInpW0K2Et5MkiUeN%2BlSHIt4iTHZXGrQdhDSkHbCgJ9EpNQYqjOGlkNQdxaF81AoD0XHQ5F56IlpjTbaHd9vdVgnipKYcx5FnDeSpmiIKE46Pgo%2B8zBEng3B9RDcbiOz29hQQ9jiB7j1Ck54cDlBX1QoJUHpCEpKUCqCMico%2B9We0C501QOhXcGCeQ%2FnPapGJu%2Fu0D2Td2VKdrJj8vIsOO%2F83QNsyGmNNpnPknbYEG0W0ThoxNyPGjyMWSxFuyXhVAXlzoA6D1tqQt54UkemJuSFT5%2BC0UM4fQiuXgIt3gQtR63QB10fxYmPrfSAikLnS%2Bt37tRzA2EqZPk55Jvejj4mr50cMPpdQ%2FKji5%2Bx65O%2FHv4DbitktsLn6keCrr4%2FumlKsnvTlI48Xsly1VNbdHbcWznN5dlvPpabpbHi6mU3fPg%2BnxGz8eC2dPk1mgqVdh359pISQtorxnJJnlx1a5KtFm79UmHTIru2%2BsGVq73MSueUScegakLIT0fgakLOfz89ebivP30EZcewRYVecUTmBWUOwbNtuGyh3xkCqxc7LPNQFtXIhmzxUysCLReYsgruP5gt5h13H13rgeb3kPYq9G2Fvq5A9RCuODvKM3t08bfopMC0N2LaertMW%2F3VabhOTWuNIJYJS1pcCCa5CFphlES%2BHwoRt9oyaCN3E%2F5F8vy%2FAAAA%2F%2F8BAAD%2F%2Fxjvdw2QBAAA HTTP/1.1
Host: specialistinsensitive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=de78c688-c46a-44d4-bbe6-5a912a2af21c:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e5324b2d6bb50d9ddbf1e0b5b61ddc2a
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP: 142.250.74.3:0
Hash: MD5 cd0a5be4865b85e858cfcaafa90f8dca | SHA-1 122569d314b0900b1f5e5f58cdad0d9fc16b7e1b | SHA-256 624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cdn-s11.cfeucdn.com/flv/api/files/thumbs_new/2021/05/26/1621980164dod8k/1621980164dod8k-640x480-1.jpg | 213.186.120.171 | 200 OK | 40 kB |
URL (HTTP/2): cdn-s11.cfeucdn.com/flv/api/files/thumbs_new/2021/05/26/1621980164dod8k/1621980164dod8k-640x480-1.jpg | IP: 213.186.120.171:0
File type: JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data | Hash: MD5 3eaa0f97e5eefd4fc2fc41f8459bf378 | SHA-1 815471dcc594c2bac50416eac24a460efb0c8318 | SHA-256 396b57909e777bba58909997f63d1ae54c3a7e3cfe86415dd292fe5f40aee56b
GET /flv/api/files/thumbs_new/2021/05/26/1621980164dod8k/1621980164dod8k-640x480-1.jpg HTTP/1.1
Host: cdn-s11.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:37:26 GMT
content-type: image/jpeg
content-length: 39810
last-modified: Tue, 25 May 2021 22:14:50 GMT
etag: "60ad76da-9b82"
server: cloudflare
expires: Tue, 04 Nov 2121 22:37:26 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash: MD5 c1e0e890fa0d9f79c9d31d7e51050c45 | SHA-1 7c8320ddaac9a281a8e991a370e7f04f56b52667 | SHA-256 952ea85225c5754b61c1b640ca341fadec09162769ff53870d86ac578839feea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952EA85225C5754B61C1B640CA341FADEC09162769FF53870D86AC578839FEEA"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2054
Expires: Mon, 28 Nov 2022 23:11:10 GMT
Date: Mon, 28 Nov 2022 22:36:56 GMT
Connection: keep-alive
|
|
| unseenreport.com/pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 | 192.243.61.227 | 200 OK | 1 B |
URL (HTTP/1.1): unseenreport.com/pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 | IP: 192.243.61.227:0 | ASN: #39572 DataWeb Global Group B.V.
File type: very short file (no magic) | Hash: MD5 93b885adfe0da089cdf634904fd59f71 | SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f | SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: afe2d94da98e22089f6203e65cd7c15d
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 | 192.243.61.227 | 200 OK | 1 B |
URL (HTTP/1.1): unseenreport.com/pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 | IP: 192.243.61.227:0 | ASN: #39572 DataWeb Global Group B.V.
File type: very short file (no magic) | Hash: MD5 93b885adfe0da089cdf634904fd59f71 | SHA-1 5ba93c9db0cff93f52b521d7420e43f6eda2784f | SHA-256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /pxf.gif?uuid=de78c688-c46a-44d4-bbe6-5a912a2af21c&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:36:56 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 492b298cac4983044d8b0d5dd25f584b
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| hqq.to/js/video.counters.2.js?117 | 190.115.19.71 | 200 OK | 441 B |
URL (HTTP/2): hqq.to/js/video.counters.2.js?117 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
Hash: MD5 4c23bd1a73185d17c9629ae0ebf627a7 | SHA-1 b0fc57ef86b0a0fb640c1216bb4d84f86b31d877 | SHA-256 5f4902e415702f1c6518b03dc5da1a4ff237200de2e7e8cc9799a51b7a672aa7
GET /js/video.counters.2.js?117 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Cookie: uid=BjXZMrTtpNjsE0YdbEu0CU8P7jfEO27g; dom3ic8zudi28v8lr6fgphwffqoz0j6c=de78c688-c46a-44d4-bbe6-5a912a2af21c%3A3%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=specialistinsensitive.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=f5oF1a6BXqgm5BSVoKC2; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:58 GMT
date: Mon, 17 Oct 2022 10:54:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 3670921
ddg-cache-status: HIT,MISS
content-length: 441
X-Firefox-Spdy: h2
|
|
| ocsp2.globalsign.com/gsalphasha2g2 | 104.18.20.226 | 200 OK | 1.9 kB |
URL (HTTP/1.1): ocsp2.globalsign.com/gsalphasha2g2 | IP: 104.18.20.226:0
Hash: MD5 15fa5a22d96404e5ac0ff9959dfaeac9 | SHA-1 12c07fb7c592a919b8a147648a55cf2dce2a13eb | SHA-256 00194beb7d44a803d9156dfb63ec7416a3e7f20a252ef9ddb84e4fb0398e507a
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:36:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 02 Dec 2022 20:41:46 GMT
ETag: "a45228deb0006f994e5d94116def8fa09cb4f0f6"
Last-Modified: Mon, 28 Nov 2022 20:41:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1792
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771695dfdc1cb4fa-OSL
|
|
| ocsp.globalsign.com/gseccovsslca2018 | 104.18.21.226 | 200 OK | 938 B |
URL (HTTP/1.1): ocsp.globalsign.com/gseccovsslca2018 | IP: 104.18.21.226:0
Hash: MD5 189e7240730c3930f2c0c2e182191100 | SHA-1 db5ae08278784b861f8c9edb652e7c58845e2920 | SHA-256 dd0109e0ea0e6a047f58ecbb82988fd3abffa4f6fa461b3a757b3a8b2f4be37a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:36:58 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Fri, 02 Dec 2022 20:06:31 GMT
ETag: "db5ae08278784b861f8c9edb652e7c58845e2920"
Last-Modified: Mon, 28 Nov 2022 20:06:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1910
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 771695dfef4ab50c-OSL
|
|
| counter.yadro.ru/hit?rhttps%3A//www.girlsrimguys.com/;s1280*1024*24;uhttps%3A//hqq.to/player/embed_player.php%3Fvid%3D270230233277272268268231227259212226194271217271255%26autoplay%3Dnone%26hash_from%3D69876691af0a28ddfd4bf0c4a1bfbef1;0.5771795978368433 | 88.212.201.204 | 200 OK | 43 B |
URL (HTTP/1.1): counter.yadro.ru/hit?rhttps%3A//www.girlsrimguys.com/;s1280*1024*24;uhttps%3A//hqq.to/player/embed_player.php%3Fvid%3D270230233277272268268231227259212226194271217271255%26autoplay%3Dnone%26hash_from%3D69876691af0a28ddfd4bf0c4a1bfbef1;0.5771795978368433 | IP: 88.212.201.204:0 | ASN: #39134 United Network LLC
File type: GIF image data, version 89a, 1 x 1\012- data | Hash: MD5 fc94fb0c3ed8a8f909dbc7630a0987ff | SHA-1 56d45f8a17f5078a20af9962c992ca4678450765 | SHA-256 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit?rhttps%3A//www.girlsrimguys.com/;s1280*1024*24;uhttps%3A//hqq.to/player/embed_player.php%3Fvid%3D270230233277272268268231227259212226194271217271255%26autoplay%3Dnone%26hash_from%3D69876691af0a28ddfd4bf0c4a1bfbef1;0.5771795978368433 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 28 Nov 2022 22:36:58 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Sun, 28 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
|
|
| mc.yandex.ru/metrika/tag.js | 77.88.21.119 | 200 OK | 73 kB |
URL (HTTP/2): mc.yandex.ru/metrika/tag.js | IP: 77.88.21.119:0
File type: Unicode text, UTF-8 (with BOM) text, with very long lines (587) | Hash: MD5 1d79426653c3b55939eaec59a2ce8ef5 | SHA-1 c6db0314df7a4e5c08047f6306e0b79a1ad3bab2 | SHA-256 2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73267
date: Mon, 28 Nov 2022 22:36:58 GMT
access-control-allow-origin: *
etag: "6384bff1-11e33"
expires: Mon, 28 Nov 2022 23:36:58 GMT
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/metrika/advert.gif | 77.88.21.119 | 200 OK | 43 B |
URL (HTTP/2): mc.yandex.ru/metrika/advert.gif | IP: 77.88.21.119:0
File type: GIF image data, version 89a, 1 x 1\012- data | Hash: MD5 df3e567d6f16d040326c7a0ea29a4f41 | SHA-1 ea7df583983133b62712b5e73bffbcd45cc53736 | SHA-256 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 28 Nov 2022 22:36:58 GMT
access-control-allow-origin: *
etag: "6384bff1-2b"
expires: Mon, 28 Nov 2022 23:36:58 GMT
accept-ranges: bytes
last-modified: Mon, 28 Nov 2022 17:04:33 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/ad-provider.js | 185.76.9.25 | 200 OK | 0 B |
URL (HTTP/2): a.realsrv.com/ad-provider.js | IP: 185.76.9.25:0 | ASN: #60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Mon, 28 Nov 2022 15:50:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669683058
server: CDN77-Turbo
x-77-nzt: AblMCRRAFdj/wgoAAA
x-77-nzt-ray: af585630429e2b36043885638f59220a
x-cache: HIT
x-age: 2754
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| hqq.to/player/hash.php?hash=270230233277272268268231227259212226194271217271255 | 190.115.19.71 | 200 OK | 0 B |
URL (HTTP/2): hqq.to/player/hash.php?hash=270230233277272268268231227259212226194271217271255 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
GET /player/hash.php?hash=270230233277272268268231227259212226194271217271255 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=Us7E3BfSIFpc3EjcBxf8; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 28 Nov 2022 22:36:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: cache
x-origin-location: player
cache-control: max-age=7200
content-encoding: gzip
x-cache-status-inferno: HIT
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
|
|
| unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js | 104.16.125.175 | 200 OK | 0 B |
URL (HTTP/2): unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js | IP: 104.16.125.175:0
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 18985776
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 771695bee96bb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| testingmetriksbre.ru/f.php?sid=212040 | 104.26.1.119 | 200 OK | 0 B |
URL (HTTP/2): testingmetriksbre.ru/f.php?sid=212040 | IP: 104.26.1.119:0
GET /f.php?sid=212040 HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:53 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5GHLH8mELWoX0%2BypHNK4MMLzh77PCkYjhd4ZynhWOPV9SXbE7uZHPfzTBPavxKsf%2Fh7bnQz6lZRO%2BtQUd2nlcOYlXoX%2BhtsGHNKr00%2FYzFQzn%2BvDmgP4bloGQy%2FNQeY0gKxTAmE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771695bfe8b4b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js | 172.64.108.13 | 200 OK | 0 B |
URL (HTTP/2): cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js | IP: 172.64.108.13:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:55 GMT
content-type: application/javascript
last-modified: Tue, 17 Aug 2021 13:04:06 GMT
etag: W/"611bb3c6-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 383878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foL%2FuVQxdfdmLjMS4ueCE2jURO9VpFHeot9FXO3FZj1jAXLdu2XIucNRyG5bHNZR50bW3dCn2p50LXXTPss5QFLzjj0dq%2Beqf%2FA8r3dABpeXf8eW2EC0ZsmtiRIN7BNMNAjiABoHWGAN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695cbcb3706c9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.girlsrimguys.com/11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ | 172.67.149.58 | 200 OK | 0 B |
URL (HTTP/2): www.girlsrimguys.com/11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ | IP: 172.67.149.58:0
GET /11349/see-him-fuck-charles-dera-natalie-brooks-shit-talkin-alpha-male/ HTTP/1.1
Host: www.girlsrimguys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=3, must-revalidate
last-modified: Mon, 28 Nov 2022 11:12:19 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdcsvjLMK%2BNCbGLKzHIioNE%2BeJe6wHY5Bdv0vxYm60lZtAlNsuReiM0Mr5RH2svov225bt0Mq%2FUVMvOraQcUlvonJ4QD6%2FQMtrwLoOYDKcwzoIeZyUlPEPXn%2BVhOFRCrNzf8CP3LPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 771695b64de5b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/fp-interstitial.js | 185.76.9.25 | 200 OK | 0 B |
URL (HTTP/2): a.realsrv.com/fp-interstitial.js | IP: 185.76.9.25:0 | ASN: #60068 Datacamp Limited
GET /fp-interstitial.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%226385380456f251.4648722220366360%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%226385380447e812.933460681791736486%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:52 GMT
content-type: application/javascript
access-control-allow-credentials: true
etag: W/"1baa9203e05bb65fb90c7d45f3e"
expires: Mon, 28 Nov 2022 15:50:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *, *
x-cache-op: HIT
x-accel-expires: @1669683059
server: CDN77-Turbo
x-77-nzt: AblMCRSJbmf/wQoAAA
x-77-nzt-ray: af585630429e2b3604388563387b8624
x-cache: HIT
x-age: 2753
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| hqq.to/player/get_player_image.php | 190.115.19.71 | 200 OK | 0 B |
URL (HTTP/2): hqq.to/player/get_player_image.php | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
POST /player/get_player_image.php HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 73
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Cookie: uid=BjXZMrTtpNjsE0YdbEu0CU8P7jfEO27g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=U7w6qFo9gJojyvXbJVR7; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:53 GMT
date: Mon, 28 Nov 2022 22:36:53 GMT
content-type: application/json
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-file-located: temp, filename:../files/temp/video_images/k/8/1621980164dod8k-1.jpg
x-clickarr-add-e: 1
x-image-size: 39810
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-inferno-location: player
x-inferno-limit-req: DELAYED
X-Firefox-Spdy: h2
|
|
| friendshipmale.com/sfp.js | 172.64.140.24 | 200 OK | 0 B |
URL (HTTP/2): friendshipmale.com/sfp.js | IP: 172.64.140.24:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:36:54 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: cd0e8be52e203fdbd6b68cb8aeda47a0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 28 Nov 2022 22:36:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDEN5maM7%2BPI9E8hVwzb%2FWLgOJCufahkNsMTLUynmZ%2Bi8XNhwe9rbuY%2BFEskS%2B5XP%2F6d35nmbvHJoWAsdPmvO%2BrPGFgYGy0IZYmZWhCk91dTJ96wxeURGJ0rb%2FfjPlP4rWt05ZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 771695c50c8775c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=58803637 | 190.115.19.71 | 200 OK | 0 B |
URL (HTTP/2): hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=58803637 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=58803637 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=270230233277272268268231227259212226194271217271255&autoplay=none&hash_from=69876691af0a28ddfd4bf0c4a1bfbef1
Cookie: uid=BjXZMrTtpNjsE0YdbEu0CU8P7jfEO27g; dom3ic8zudi28v8lr6fgphwffqoz0j6c=de78c688-c46a-44d4-bbe6-5a912a2af21c%3A3%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=specialistinsensitive.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=mYyR7kpCv292mlDT2Y4b; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:55 GMT
date: Mon, 28 Nov 2022 22:36:54 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| hqq.to/player/script.php?width=720&height=450 | 190.115.19.71 | 200 OK | 0 B |
URL (HTTP/2): hqq.to/player/script.php?width=720&height=450 | IP: 190.115.19.71:0 | ASN: #262254 DDOS-GUARD CORP.
GET /player/script.php?width=720&height=450 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.girlsrimguys.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=9DmtzhmHvB7BPs3Hba01; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 28-Nov-2023 22:36:52 GMT
date: Mon, 28 Nov 2022 22:36:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: cache
x-origin-location: player
cache-control: max-age=21600
content-encoding: gzip
x-cache-status-inferno: HIT
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
|
|