hdgay.net/2021/10/enthusiastic-butt-i/
188.114.96.1 301 Moved Permanently 0 B URL HTTP/1.1 hdgay.net/2021/10/enthusiastic-butt-i/
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2021/10/enthusiastic-butt-i/ HTTP/1.1
Host: hdgay.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 25 Jan 2023 03:47:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 25 Jan 2023 04:47:46 GMT
Location: https://hdgay.net/2021/10/enthusiastic-butt-i/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gB1h6Kbc4v1optFeNutcgdh7mSNjTmdA2%2B0Gi77s8YhIe%2BHQMDTSnUXOm%2FuMHcBxiOyHO8WehR7sxLwK8l%2Bf28tbY21rtyu9UYswMEZTSKu0LESLAuI8tPeoyCY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ee07854e0fb506-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0be6cec5607bb65c06dbadd33456aec1
9d13129e936eb5fc82e403931884cdc8c6e6ab92
cb028034340b709ece65e45e8fc1a26a64dd85926beaa542f308d3f1d5ee2c84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB028034340B709ECE65E45E8FC1A26A64DD85926BEAA542F308D3F1D5EE2C84"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5825
Expires: Wed, 25 Jan 2023 05:24:51 GMT
Date: Wed, 25 Jan 2023 03:47:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f416977a8d6dfaafb2dbfd0e68b871f8
dfa97bd829b03162de91c80133f2fde69b58a8d2
2c4d0fd1b7a6d398026a4817267adce203429acdd3defa44a879f0d945f392d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C4D0FD1B7A6D398026A4817267ADCE203429ACDD3DEFA44A879F0D945F392D5"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9318
Expires: Wed, 25 Jan 2023 06:23:04 GMT
Date: Wed, 25 Jan 2023 03:47:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 03:42:47 GMT
content-type: application/json
age: 299
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31c8743c2b5202ce0228bac5aad7229b
4b5eee8e1ecbfc992505003be58e265ff3a0ee0a
8b3b47ea29fc02b8a08ee2a340a05ab23e391f0eb3b8d6beb17516706bb2e94d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3B47EA29FC02B8A08EE2A340A05AB23E391F0EB3B8D6BEB17516706BB2E94D"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10803
Expires: Wed, 25 Jan 2023 06:47:49 GMT
Date: Wed, 25 Jan 2023 03:47:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lRw4OhyByActgyHrF4m3exAZDHz4YNhtOJoB2RIH+en5qBLnIMSQqraz7qXS74gzinEkNXFqN6E=
x-amz-request-id: 4M8RZ5GSHPM02GN7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 03:19:31 GMT
age: 1695
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 1.1 kB IP 142.250.74.131:0
File type gzip compressed data, from Unix\012- data
Hash f5635e4f6f70029dda6ceef935d5c296
86df85d666443328550d652b10c1130d53876437
016dd9cdef65025f8598e41b68e8b4994ca1b0382cd4a0bb67d4bd53280559b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp2.globalsign.com/gsorganizationvalsha2g2
151.101.130.133 200 OK 9.7 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 151.101.130.133:0
Hash 5a3a1cbc2158242d49c17cb929e35e25
0c36a9ea4d26123cdf4a635921722a4e8a03aa4f
4e120e3cd356c0b960a017ee64698d81d7a8c0aebf06f6fe968df7eeaff572d0
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1459
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 29 Jan 2023 03:17:05 GMT
ETag: "ffc0678476e24dafb08572097e728a9284e5ef53"
Last-Modified: Wed, 25 Jan 2023 03:17:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 25 Jan 2023 03:47:46 GMT
Age: 1840
X-Served-By: cache-qpg1229-QPG, cache-bma1641-BMA
X-Cache: MISS, HIT
X-Cache-Hits: 0, 99
X-Timer: S1674618467.802793,VS0,VE0
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash d975e0c3f749eecf701e77854520ead9
eb1f522a689666f67c9167904abb4c462b6eea50
ec5ce4c633754dc7d4306b8f8f6bef6d7dfda26d0ce0600f237b2fa4cfdda81a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 24 Jan 2023 14:35:37 GMT
Expires: Tue, 31 Jan 2023 14:35:36 GMT
Etag: "eb1f522a689666f67c9167904abb4c462b6eea50"
Cache-Control: max-age=556669,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ee078968adb4ee-OSL
vk.com/js/api/share.js?95
87.240.132.72 200 OK 3.0 kB URL HTTP/2 vk.com/js/api/share.js?95
IP 87.240.132.72:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (1077)
Hash 45f695069be60171a209e5f4db402e09
d4d88799377e7bf0df70c6f24bd5805bc90ae8ff
b96b0e8b870857d6b8250b69cb033b9fd0d57ce1bdd133faf33d0ee83699aac5
GET /js/api/share.js?95 HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/x-javascript
content-length: 3014
last-modified: Mon, 19 Dec 2022 09:44:48 GMT
etag: "63a03290-bc6"
content-encoding: br
expires: Sun, 29 Jan 2023 03:47:46 GMT
cache-control: max-age=345600
x-frontend: front220206
access-control-expose-headers: X-Frontend
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A900&display=swap&ver=1.0.0
142.250.74.106 200 OK 997 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A900&display=swap&ver=1.0.0
IP 142.250.74.106:0
Hash 0a829030ea1dd0f131cbabde754d1b5b
6269f509b9e027a659b89e72904a5bdb9b71247b
1f4abfcf11340f6b05af609891b5dc54fe9580cd6c9666162c49fd6236fb8188
GET /css?family=Roboto%3A900&display=swap&ver=1.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 25 Jan 2023 03:47:46 GMT
date: Wed, 25 Jan 2023 03:47:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads.js
185.94.236.244 301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 03:47:46 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
godpvqnszo.com/solid.gif?z=1836670&abvar=13
62.122.171.6 200 OK 43 B URL HTTP/2 godpvqnszo.com/solid.gif?z=1836670&abvar=13
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1836670&abvar=13 HTTP/1.1
Host: godpvqnszo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
poweredby.jads.co/js/jads2.js
185.94.236.244 200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.244:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdgay.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:46 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
cdn.popcash.net/show.js
151.139.128.10 200 OK 36 kB IP 151.139.128.10:0
File type ASCII text, with very long lines (65387)
Hash d1ab55af8330aada9fc2c20157968dbc
6a710f3e293d4347d6180c2bd469500ff1f6e0be
393329c5fded65db84ec577fffcded18810ba0338e83e23d7cce822bb15a3229
GET /show.js HTTP/1.1
Host: cdn.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-encoding: br
content-length: 36492
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 15:55:59 GMT
accept-ranges: bytes
etag: W/"6362930f-1b189"
cache-control: max-age=2592000, public
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqpR6Csgpv67J8iRhPF%2Fk4I%2FcSspfCip1CysP7NSuVOhjOvzzVC5CSWkMOcnP0qDjGEchtV8BKhtH2fQa7eq3spccD4%2B14vAyS1cCvIPGno%2FXgl%2F8HgVISCs0Q%2BR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76d31f2b1e12b4e8-OSL
vary: Accept-Encoding
x-sp-metadata: HS256.CPLowp4GEocBCiRjZDkzMTI4ZS0zZGZlLTQzMTItYTk3ZS1lN2QxMjA2MWY4YzMQ6KjJwIDI/AIaBgjizMKeBiIMOTEuOTAuNDIuMTU0KLeDATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkMjI5N2E3N2EtOGU2MS00Nzk5LWI1N2EtZjk4Yzc1ZjdkY2FjGIydAiIYCAISFGNkczAxNS5zazEuaHdjZG4ubmV0.ye8YCK1CrsXeMIe9SctBr4+OdeE9T9Wv95/PF3qoATI=
x-hw: 1674618466.cds013.sk1.hn,1674618466.cds015.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 03:17:31 GMT
age: 1816
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 01:49:59 GMT
expires: Sat, 20 Jan 2024 01:49:59 GMT
cache-control: public, max-age=31536000
age: 439068
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15480
Expires: Wed, 25 Jan 2023 08:05:47 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9abcd178022a81fd2b75b0b8783070ee
8deeac25fc612a5b344c5e6b1e5bc5a604d00f57
51b0b70569349d7b30312a6ea30be351f0a1caeb4c797ea15159950a5869144c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "51B0B70569349D7B30312A6EA30BE351F0A1CAEB4C797EA15159950A5869144C"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4772
Expires: Wed, 25 Jan 2023 05:07:19 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1f1be9cec3941aca66b1783cdc0ecfa9
8dc84c8fbd99a0f8e4ce3fef3f6cdf13eaeef980
73b0d617fcaf093c095cf30e03cc3fba56b15ea160192c11c02276d08fc34aeb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1287
Cache-Control: max-age=156489
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63d061a5-118"
Expires: Thu, 26 Jan 2023 23:15:56 GMT
Last-Modified: Tue, 24 Jan 2023 22:54:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
limurol.com/ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=23012422475ee85fe51b0c4dd0b280b02c43; Path=/; Expires=Thu, 25 Jan 2024 03:47:47 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg
172.67.25.161 200 OK 49 kB URL HTTP/2 cdn.pncloudfl.com/pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg
IP 172.67.25.161:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash eedf689c4a33b79c440062e703d60ff6
a8300edf1b950a50086eb44165a6f6ae278e5057
b8b368d98eb9d04ce213fa62fa781f3bad8d48e5a57f98359cb880ab9600579f
GET /pn/71a/dd2/7d5/71add27d5bb61aab24af91ebe2af7f4205a35feb.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: image/webp
content-length: 48676
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=83221
content-disposition: inline; filename="71add27d5bb61aab24af91ebe2af7f4205a35feb.webp"
etag: 1df69ad2c9b78c9186aaa33fa40c237f
expires: Wed, 25 Jan 2023 19:02:01 GMT
last-modified: Thu, 06 Oct 2022 02:00:51 GMT
vary: Accept
x-openstack-request-id: txe73bad396e604f28ab17d-00633e3eef
x-proxy-cache: HIT
x-timestamp: 1665021650.87526
x-trans-id: txe73bad396e604f28ab17d-00633e3eef
cf-cache-status: HIT
age: 117946
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 78ee078d29f8b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
limurol.com/ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
62.122.171.6200 OK 7 B URL HTTP/2 limurol.com/ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP 62.122.171.6:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
GET /ssp/req/1836670/?pb=7341ee7a77ed8d04a208826697224cf71674625667&psp=C83MzWlf3Qd6Sf4c1BwIANZFWhAsaNO1jOrUjc-rb_NWNHq26lKJAokx3kdIiaG8Y3sygaCYqZF3oBIMx3CjcdbS6Bg9mWiWqMyhXP4-NIEJ66GOQCLoc7oz72DuxT6IyMq3oqa_I5kJ13MuoTXsUl6ar5VN0TyM6EILLwiNP-zpbF7tbdUYyjNUHkhlYG5IhEuKt_WaN5EGN6SMFOfdUwCbIvVOipjWlxXpZPObXnoqYWgN9BOYP9TBIT4OE9iwhr47meVcr4UgcUTvBYSWWvC9VwH8iMILzIo2oYQF57OZdGrsWkO6Y5JUX2TtNP-X4ZgY8Fsy89KoGZCqVOLlMUJ4x4AlgGT6xxS6HeC8QyCU4DisNrhcYLyQgZDlp-jJmTy1W_kC2zSonmCAOhVtBfMwqqhKykL3Tmq4DVP1lFWAv8WXRQfCQutpSqRIq-FhdUH3LldZIwFsrHGHK-SN0AX-jBQNCjxuIy-sseDWXZiiOzs0c-egVekaRp3ZJn9czYHPWTXWNakpsM08_J_T4Ia6ws9OVYLOsP4ZmwhfeULNVxhw-z2sQEW3ybtPX1TfB89KnvYjzH35nKm_N1ft_svVqyajkC5Z5gGCMEVLYf4LMgX55v73uRQKRB1f4xh7GvF9RUvsX6Q0bm05ox508nigHfAVikVRjaIX-Bpakm93YN3RKTmLAo15V-A2p8J2F3DYCxxxoJ2UUbU8Gt-0A2y0JWaFeB1XfwuAm5P6mCtNeFcXFGMJ5-fLmEILbN2Hd1O83Vu0e_yVFu1v1cIouOBJgYjG7z2k-y6eye3KDEIBoMCY6g5PDWvBtqnUR4_Nn6F9fMSQ5-Dq-Rn3AoGCRumayigOLPjGBscr18GCN7ZukXwk&cb=_clbnwchqtigm9gpy6xdo3m&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=23012422471825f140c2ea4373a1aebd60a4; Path=/; Expires=Thu, 25 Jan 2024 03:47:47 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
hqq.to/ad/api/popunder.js
190.115.19.71 200 OK 21 B URL HTTP/2 hqq.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with no line terminators
Hash 533a813ddb8f84d7e018bf8e6296c44d
8c95af23d5dc502f1bc3395a6d2e339e696c0d3e
a499068cf858aa2cd9b077e2e354b6bf8435eaa8e44c2047f403c7283031977f
GET /ad/api/popunder.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript; charset=UTF-8
content-length: 21
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: "6141fdde-15"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
X-Firefox-Spdy: h2
rxeosevsso.com/chicken.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0
62.122.171.6200 OK 43 B URL HTTP/2 rxeosevsso.com/chicken.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /chicken.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2301242247ec71ab5bdf624c61b8c9379f79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACQ6xAAAAAAAAAAB; Path=/; Expires=Fri, 24 Feb 2023 03:47:47 GMT; Secure; SameSite=None
OACIBLOCK=ACQ6xAAAAABjz2XQ; Path=/; Expires=Fri, 24 Feb 2023 03:47:47 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Thu, 26 Jan 2023 03:47:47 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
rxeosevsso.com/whob.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0
62.122.171.6200 OK 43 B URL HTTP/2 rxeosevsso.com/whob.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
GET /whob.gif?z=1871912&pb=42a3bced41135c43062eb68d9069814d1674625666&psp=9CexKjBYQXmDji0nuVIcJkCqwtfg2U61mC1g2jXk_O9xlUo6sydWwxCIcnvUmLV7Ube4zvSqXba7S7AampjvpQWfvkM_3WTgpKynqkZJtcDqeOU1Yy8c6lXsQ8rAqMbYVImHd87HtXn0_tudggbiC_wNdTxXBOku4BsCjBixC0Y-irH-EcLdbAzSYOLkFoOJ3yGh18Tocro0dSzHzbBN92eujKpHpPrUO5P2hR352qJjgFP7KFYQ1zcJsjtBqBTyW725Yc_EH2Syv2B38wxHbVHPmXCC4Nd5s0lj5Gj5i5lYiEGaee3KXRTZfZzkrGaWRk305qB4igHQRHsN9S4-gu1-eKGJjgNXOa9QkXXPGKSndHNfop78E-195RIUh2pUP81jrftf87f0wLDTIQQHo7pxQOA7uLF3xtvKLgNxOH6vkDd4c_3YDkqa5OayKR6DpEkFnojM2Rg9cLtxoUEvC1eXfblu4nQ0DKSpjIqsQSRKoBsVfCJ7qE977KIwrPgra2sveMMkG5Tbx9vt_lak2Hl5fp7106th5-y2GrUbCXZdCsvddA-LIHHzzf2YKnsJVyWKrL46Su3Vw3Zdr5nsdBnzIiWaocvReQpdIoSy-RktX46WbaQUzoZQ6nh8JPlG7Nh62j0f0DIA3yD6Fadkp65vYFWt7zFzDB9LGQ0P-cGjUUr4Mp8TW9qXInJfj3BU-p6wWaQuj3hPTqFtn8SQzGAsGFqG5a_xlXvJwujuhHU=&abvar=12&os=0 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2301242247ec71ab5bdf624c61b8c9379f79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.banner.view
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3791d3159166b0d8a85267eaec1ca6a2
58019da0efc533b1d80d8895bf33a7bb5d270569
374f8d8775e3222b19daee1cf3cd78ffbe4f2a9773a86db41f0912ae9abdcf35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5145
Cache-Control: max-age=131577
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63cff143-118"
Expires: Thu, 26 Jan 2023 16:20:44 GMT
Last-Modified: Tue, 24 Jan 2023 14:54:59 GMT
Server: ECS (amb/6B7C)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 1f1be9cec3941aca66b1783cdc0ecfa9
8dc84c8fbd99a0f8e4ce3fef3f6cdf13eaeef980
73b0d617fcaf093c095cf30e03cc3fba56b15ea160192c11c02276d08fc34aeb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1287
Cache-Control: max-age=156489
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63d061a5-118"
Expires: Thu, 26 Jan 2023 23:15:56 GMT
Last-Modified: Tue, 24 Jan 2023 22:54:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3791d3159166b0d8a85267eaec1ca6a2
58019da0efc533b1d80d8895bf33a7bb5d270569
374f8d8775e3222b19daee1cf3cd78ffbe4f2a9773a86db41f0912ae9abdcf35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5306
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Last-Modified: Wed, 25 Jan 2023 02:19:21 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3791d3159166b0d8a85267eaec1ca6a2
58019da0efc533b1d80d8895bf33a7bb5d270569
374f8d8775e3222b19daee1cf3cd78ffbe4f2a9773a86db41f0912ae9abdcf35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6507
Cache-Control: max-age=132938
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63cff143-118"
Expires: Thu, 26 Jan 2023 16:43:25 GMT
Last-Modified: Tue, 24 Jan 2023 14:54:59 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 894e65e66b3dc8852162b772e714c947
05e584f5a0d463956592d0cc5c7d17b79b15bf2d
419a77d4179a4494a14dabadc926a9b6dbddff7964ee6ebb941d5d8e926e3558
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "419A77D4179A4494A14DABADC926A9B6DBDDFF7964EE6EBB941D5D8E926E3558"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15003
Expires: Wed, 25 Jan 2023 07:57:50 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.121.101 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.121.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aQJGPFJ9kVfwWknxmZfHuA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LbC0ptwG1XflNITHLeQo64DUxeU=
ocsp2.globalsign.com/gsalphasha2g2
151.101.130.133 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 151.101.130.133:0
Hash ca7d98f81044820736dab67e29024bbe
6ac868223d2571c203216f2c03aea0c506f500c0
d33fbbb3a26f34e632cab6258aac00c93b73885df8a13938d8793ac84472f62c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1423
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 29 Jan 2023 01:15:16 GMT
ETag: "6ac868223d2571c203216f2c03aea0c506f500c0"
Last-Modified: Wed, 25 Jan 2023 01:15:17 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 25 Jan 2023 03:47:47 GMT
Age: 1790
X-Served-By: cache-qpg1266-QPG, cache-bma1641-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 33, 1
X-Timer: S1674618468.517052,VS0,VE1
hqq.to/js/video.jquery_plugs/modernizr.js?12
190.115.19.71 200 OK 629 B URL HTTP/2 hqq.to/js/video.jquery_plugs/modernizr.js?12
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 425b622230ea3556b7264d9a2a1c59cd
47e5c6fc03db53444f07f7544e0e23a87abf5be9
a31877fc9cc27289bea4c84cd025b616c485738b637f986c6225c377de3ad51e
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash be8f3dbc64da90f84ff52060f53a8d41
62791a0a94769171eecb51a953eda28d9ff03041
58b2d7efe9e74a42d193cbabad8594dd4d35ccd9eaf3af54f29e413550e07d87
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6249
Cache-Control: max-age=90555
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63cf4cb5-117"
Expires: Thu, 26 Jan 2023 04:57:02 GMT
Last-Modified: Tue, 24 Jan 2023 03:12:53 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
commentsengine.com/js/js.load.1.js?9030654955463660
188.114.97.1 200 OK 0 B URL HTTP/2 commentsengine.com/js/js.load.1.js?9030654955463660
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/js.load.1.js?9030654955463660 HTTP/1.1
Host: commentsengine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 20067792
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMXPJw2deffnvULdBy385rCOKymnPQ3gEbqu8BIyRjNzPwZBRrzsUSb2dOF0u%2FW11IJgnWgux5lNTsWiOmYP0KHW32Yz7ghlEyxC0PAopE%2BrvXP9DLz7a8Njt1B2FjZRonEhYDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078e8ac91c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/js/adv/fuckadblock.js?2
190.115.19.71 200 OK 4.3 kB URL HTTP/2 hqq.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 9f91907c82b19e2cf6bbe90cef9bba00
b6de2216f4d921e6d0f3c4fafc724181f8c09071
1672aab8bf65a60cc12d2126b2c45db944cf1e9689b6e17c911274a5b62258e2
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
6.adsco.re/
104.17.166.186 200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://hdgay.net
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078eca4b0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 894e65e66b3dc8852162b772e714c947
05e584f5a0d463956592d0cc5c7d17b79b15bf2d
419a77d4179a4494a14dabadc926a9b6dbddff7964ee6ebb941d5d8e926e3558
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "419A77D4179A4494A14DABADC926A9B6DBDDFF7964EE6EBB941D5D8E926E3558"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15003
Expires: Wed, 25 Jan 2023 07:57:50 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 175510e096d45d02e7b8e2e1c0c6c7f4
9136d97970a3640c45717fa966a5e0e72a17f704
a13cf49b474c6c84e7d07a0e69ab920c689972dd1a953647493c399eff4dcdd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A13CF49B474C6C84E7D07A0E69AB920C689972DD1A953647493C399EFF4DCDD1"
Last-Modified: Tue, 24 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12897
Expires: Wed, 25 Jan 2023 07:22:44 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
4.adsco.re/
162.252.214.5 200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://hdgay.net
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
dcba.popcash.net/znWaa3gu
3.222.40.224 204 No Content 0 B URL HTTP/2 dcba.popcash.net/znWaa3gu
IP 3.222.40.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /znWaa3gu HTTP/1.1
Host: dcba.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 25 Jan 2023 03:47:47 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
X-Firefox-Spdy: h2
v9qapio7vfza.l4.adsco.re/
185.200.118.90 200 OK 0 B URL HTTP/1.1 v9qapio7vfza.l4.adsco.re/
IP 185.200.118.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: v9qapio7vfza.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:47 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
Connection: close
ETag: "5b60dfaf-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 090251b3bfb29f0ae20ede19d071f2b6
2ea97321f65fc31beac775a2dcedba5357a47fea
5f3260e3db62a6c0fbef0742f22b8591d441d116235f9516197059a23ac01c6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2080
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63cf2c56-117"
Last-Modified: Wed, 25 Jan 2023 03:13:07 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 090251b3bfb29f0ae20ede19d071f2b6
2ea97321f65fc31beac775a2dcedba5357a47fea
5f3260e3db62a6c0fbef0742f22b8591d441d116235f9516197059a23ac01c6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2212
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Last-Modified: Wed, 25 Jan 2023 03:10:55 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 090251b3bfb29f0ae20ede19d071f2b6
2ea97321f65fc31beac775a2dcedba5357a47fea
5f3260e3db62a6c0fbef0742f22b8591d441d116235f9516197059a23ac01c6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 807
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Last-Modified: Wed, 25 Jan 2023 03:34:20 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 090251b3bfb29f0ae20ede19d071f2b6
2ea97321f65fc31beac775a2dcedba5357a47fea
5f3260e3db62a6c0fbef0742f22b8591d441d116235f9516197059a23ac01c6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2080
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Etag: "63cf2c56-117"
Last-Modified: Wed, 25 Jan 2023 03:13:07 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 090251b3bfb29f0ae20ede19d071f2b6
2ea97321f65fc31beac775a2dcedba5357a47fea
5f3260e3db62a6c0fbef0742f22b8591d441d116235f9516197059a23ac01c6f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2212
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:47 GMT
Last-Modified: Wed, 25 Jan 2023 03:10:55 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 278
iamcdn.net/players/player.min.css
188.114.96.1 200 OK 1.1 kB URL HTTP/2 iamcdn.net/players/player.min.css
IP 188.114.96.1:0
File type ASCII text, with very long lines (2813), with no line terminators
Hash b896bdd29b3c6b03d69393465fd68546
02b9796645ff91b4ca02c74abd9f85ab00f726f6
89794cdf4ece9ee1b9caf181d75208265f6665ef6565cd87a5980ee0dbcbb5ff
GET /players/player.min.css HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
last-modified: Wed, 17 Feb 2021 10:20:19 GMT
etag: W/"afd-177af813eb8"
cf-cache-status: HIT
age: 6920
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOSHjiQ1tBv1y5k3zNFJ9Ir%2B7mPB69zhqvg%2Bg3He%2Fnl35Zgfy%2BbFXBIB2qLjDSv1SzlcVIYyKEPVu8GumcjT57RLR8icAem1EYKAfMFRpJVzqESukpsnjX12v7Wo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07903974b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/jquery@3.2.1/dist/jquery.min.js
151.101.65.229 200 OK 30 kB URL HTTP/2 cdn.jsdelivr.net/npm/jquery@3.2.1/dist/jquery.min.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (32058)
Hash 20532f68850fbf98301ee064978fe500
baa841180e3a637eec908fbe16446a1d3270c6f8
421607c7298f63a23569c71a3269c5ae3cfe15a36290039735c3ae3533de2c68
GET /npm/jquery@3.2.1/dist/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.2.1
x-jsd-version-type: version
etag: W/"15283-EFUBjCirQQh++czv5BFgaJPavqI"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 25 Jan 2023 03:47:47 GMT
age: 3717391
x-served-by: cache-fra-eddf8230126-FRA, cache-bma1673-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30180
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
151.101.130.133 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 151.101.130.133:0
Hash 1d476e6dacb76d8adce7374696a98c2f
b1ad244c7a473c35f2efbf074685a461a273195d
bc6c6d0b8c73ad24d5aa2c817081aea55ca60df5f7aabe6f488c0bdc73ccf2c0
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1462
Content-Type: application/ocsp-response
Etag: "F3B1A96EE5F79DC5BC35A260406634DF4794DFAC"
Expires: Wed, 25 Jan 2023 15:00:00 UTC
Last-Modified: Wed, 25 Jan 2023 03:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
Accept-Ranges: bytes
Date: Wed, 25 Jan 2023 03:47:47 GMT
Via: 1.1 varnish
Age: 199
X-Served-By: cache-bma1639-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1674618468.938993,VS0,VE1
hqq.to/cdn-cgi/trace
190.115.19.71 404 Not Found 146 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Cookie: uid=c9wqo*fKHGFwruQLBrgDe3uxcZuQd_xY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/html; charset=UTF-8
content-length: 146
x-origin-location: /
server: Google Frontend
x-cache-status-inferno: MISS
x-inferno-location: /
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 80690b85ee5b508d3a5dda1a87f35be0
8e01c1d72203a9ebab89159f39706c1bfac4beae
02d61ffa82c5d94875c20fc5b0b3872a2684c5ac91ac064098a65e9d51797b51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02D61FFA82C5D94875C20FC5B0B3872A2684C5AC91AC064098A65E9D51797B51"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=757
Expires: Wed, 25 Jan 2023 04:00:24 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
poweredby.jads.co/adshow.php?adzone=799246
185.94.236.244 200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=799246
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1615), with CRLF, LF line terminators
Hash ef1d3251c36eca1296a17e153619c9fc
67b3e8542b6431df9b7fa361303158b67970cec3
3117e262d562f659ce4359ceba526b641e75555671ba8ebc6ba27a213bc4fc45
GET /adshow.php?adzone=799246 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=7c381a3ac498ed5706c6ba66a93d6440; expires=Thu, 25-Jan-2024 03:47:47 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 28-Jan-2023 03:47:47 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 28-Jan-2023 03:47:47 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 72bc9375d7c0176ff9051d1c0d5bcc8a
5021ebc477e42ffa2136d8384fc88a766e39d153
7827d9ddc7a2dd5bc5158aedfa79ce48e1ff8491a68da474bc2ce39903aaac52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7827D9DDC7A2DD5BC5158AEDFA79CE48E1FF8491A68DA474BC2CE39903AAAC52"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=669
Expires: Wed, 25 Jan 2023 03:58:56 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0d67ee16471e318879bf2d6205106588
61aa9300e6f47ed933bd5028a95abac82d24d126
2183c6fa2fbe5cacd8479247fa5aeed4fe1ad09bc1b246f052525aa786d87d31
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2183C6FA2FBE5CACD8479247FA5AEED4FE1AD09BC1B246F052525AA786D87D31"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20088
Expires: Wed, 25 Jan 2023 09:22:35 GMT
Date: Wed, 25 Jan 2023 03:47:47 GMT
Connection: keep-alive
thaudray.com/favicon.ico
139.45.197.237 204 No Content 0 B IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: thaudray.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 03:47:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
nimrute.com/favicon.ico
138.201.51.158 200 OK 0 B IP 138.201.51.158:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: nimrute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Sun, 01 Jan 2023 05:04:29 GMT
Connection: keep-alive
ETag: "63b1145d-0"
Accept-Ranges: bytes
nessainy.net/favicon.ico
139.45.197.236 204 No Content 0 B IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: nessainy.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 03:47:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7cd96ccfe4dc44afc2d44fd000556820
4ec95cdb153ef2aadd20db225e0636ee74630a89
b333f1090ded2993463fc97e4b3b9aa713554c7588a1e83d2905e3ee58987f3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B333F1090DED2993463FC97E4B3B9AA713554C7588A1E83D2905E3EE58987F3E"
Last-Modified: Tue, 24 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12980
Expires: Wed, 25 Jan 2023 07:24:08 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=9928230
190.115.19.71 200 OK 2 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=9928230
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=9928230 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Cookie: uid=c9wqo*fKHGFwruQLBrgDe3uxcZuQd_xY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: application/json
content-length: 2
server: Google Frontend
access-control-allow-origin: *
x-inferno-location: banner
X-Firefox-Spdy: h2
iamcdn.net/players/bundle.min.js
188.114.96.1 200 OK 186 kB URL HTTP/2 iamcdn.net/players/bundle.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (65446), with CRLF line terminators
Size 186 kB (186051 bytes)
Hash bdfd6df2d83dfe878de8fc8a35907cf2
8265ff6a8c05306571dbb981b409241b90b2d17c
6b1254ee8378755363f9f7e7c82d46650e3ed1b8078095afbe45f801576d4f1e
GET /players/bundle.min.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Thu, 12 Jan 2023 01:35:26 GMT
etag: W/"a36ea-185a39e1c5c"
cf-cache-status: HIT
age: 5065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCxDRlLhPNRvYNk5mxCIakbeERxF%2BliJPuambZFXP9E7M5yHU6Q%2BbPjNSTH8B9gHjqy5MMTqZhj2VlqJq%2F%2Bv2FzPDb5UotEfFCfsfmRp5C2C41Q5KQm10cACnWpL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07902970b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.jads.co/ads/user155886/ad1661886-1664367608.gif
69.16.175.10 200 OK 77 kB URL HTTP/2 i.jads.co/ads/user155886/ad1661886-1664367608.gif
IP 69.16.175.10:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 50a0817f8f16de3c72bf2a3374de5b05
7304bb1c90aa26094e8f647291ff629dcca28a49
522d21686d34fe2e9d3214d1feac46887547bebeadb502a937a1f82ed187c593
GET /ads/user155886/ad1661886-1664367608.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=7c381a3ac498ed5706c6ba66a93d6440; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
etag: "1664367608"
cache-control: max-age=27733984
content-length: 77180
content-type: image/gif
last-modified: Wed, 28 Sep 2022 12:20:08 GMT
accept-ranges: bytes
x-sp-metadata: HS256.CPTowp4GEocBCiRiOTUxMjdmMS0wOGRkLTRlNjAtYjNlZi1jNTljZGM5MTRkNWEQ8LqN8Z697wIaBgjkzMKeBiIMOTEuOTAuNDIuMTU0KJzNATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkODk1MjI1OTAtZjg2NC00MTM3LTg0NjYtOGMyMzNkZmE3NTRmGPzaBCIYCAISFGNkczIyMi5zazEuaHdjZG4ubmV0.XWF/ZUliHA3ExywVGHwt7nsTsDNLK9mgk8Qrg+HVy+o=
x-hw: 1674618468.dop227.sk1.t,1674618468.cds206.sk1.hn,1674618468.cds222.sk1.c
X-Firefox-Spdy: h2
cloudflare.com/cdn-cgi/trace
104.16.133.229 200 OK 276 B URL HTTP/2 cloudflare.com/cdn-cgi/trace
IP 104.16.133.229:0
Hash 1e63baaeddb09248577bea74ee0334bf
813c6d03ad99a756a55009d92b9fcc41f94ed414
8e1e03abdb55939c2ddd53a01ce2573182918fd157d18820631125a0f87668fe
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://player-cdn.com/
Origin: https://player-cdn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 78ee07921eb2b4e8-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8aa377483580ef253f4a250128342ecd
b17d4aad2f529ed305719129807995446c627ab8
bd4d6de1eaa490250a146924d6707ed4188371f0be4dcca2471db439f2ff701f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BD4D6DE1EAA490250A146924D6707ED4188371F0BE4DCCA2471DB439F2FF701F"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=65
Expires: Wed, 25 Jan 2023 03:48:53 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 15d6e91387db7fd83c844ca5f776154d
faa79b2a7ff1a52570bd84a07f88c1ad8598e836
9b318cf4a0d61245eb2f5e54ca0b85e408efa297edb644d5d045218acd9b143a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B318CF4A0D61245EB2F5E54CA0B85E408EFA297EDB644D5D045218ACD9B143A"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Wed, 25 Jan 2023 07:23:04 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/S_aWDyPjid8
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/S_aWDyPjid8
IP 142.250.74.131:0
Hash d8ec0af07e9760dfbb05f522b2e18c06
09cf99269c9ff5aebbc7557e0e865b485bd12f33
d9d3b52d322d8be80c649b446e0a2ca7b4558d545f8d94eedc164b753f5cb6c8
POST /s/gts1p5/S_aWDyPjid8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
iamcdn.net/players/jwplayer/jwplayer.v8.custom.min.js
188.114.96.1 200 OK 29 kB URL HTTP/2 iamcdn.net/players/jwplayer/jwplayer.v8.custom.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (65136), with CRLF line terminators
Hash 4c3e60c6d6b3c47fb0cf8eaf0dfec8a6
4d5e67bea6cd524e7e1644cec53da3dca35ae59a
945393bef95d610f6cf54d9cdfcf227af6b57014e1d5c0b0a29db29f69d93a03
GET /players/jwplayer/jwplayer.v8.custom.min.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Sun, 15 Dec 2019 06:16:11 GMT
etag: W/"158f8-16f083333f8"
cf-cache-status: HIT
age: 4116
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h%2B5wO9zzIfH%2FWtifmsRR0%2FzBJHl5YPezszFbg%2BhuFjd7ZEhPE%2F6D%2FiteQ0fO0t6IUPBR1txyIL9QmGha6mkpKmUP8zBmCxRJDwk0W%2BzGyWf%2B1UIn3BQOTN0PYry"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07902971b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=799246
185.94.236.244 200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=799246
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (354), with CRLF, LF line terminators
Hash 97b04e8e3639979672706291e1dd6fa2
eec006c3255d11dfa572916eeaa78982228c6fe3
735c109b24f8bd766cf82002afb76beb6d9217c5fd9ee673abb89ac5343c7b0f
GET /adshow.php?adzone=799246 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=df60ef59b2b6a147231505ce69c108a4; expires=Thu, 25-Jan-2024 03:47:48 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
poweredby.jads.co/adshow.php?adzone=799246
185.94.236.244 200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=799246
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1615), with CRLF, LF line terminators
Hash 25e97f6756913dd7bac4fad1bf73864b
22d6d7e9e9e11e354573c42323bd17abcd5f45ad
1a87022f2ff7e782bb9d2fe2a570b04d3fcc49b88ec55b0e9fc3db35c50e98a4
GET /adshow.php?adzone=799246 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=df60ef59b2b6a147231505ce69c108a4; expires=Thu, 25-Jan-2024 03:47:48 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8aa377483580ef253f4a250128342ecd
b17d4aad2f529ed305719129807995446c627ab8
bd4d6de1eaa490250a146924d6707ed4188371f0be4dcca2471db439f2ff701f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BD4D6DE1EAA490250A146924D6707ED4188371F0BE4DCCA2471DB439F2FF701F"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3603
Expires: Wed, 25 Jan 2023 04:47:51 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
iamcdn.net/players/jwplayer/8.4.2/jwplayer.core.controls.html5.js
188.114.96.1 200 OK 80 kB URL HTTP/2 iamcdn.net/players/jwplayer/8.4.2/jwplayer.core.controls.html5.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (65145)
Hash 28def871b242765bf8cc8b55c1ac5613
411f3e8f207700646345716edf416c1bd1bbac9b
a76a68d03304a233e7dcb6175555e4deafc296ecf6fb9b4d5d0132823029a69d
GET /players/jwplayer/8.4.2/jwplayer.core.controls.html5.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Sat, 20 Mar 2021 15:02:32 GMT
etag: W/"40f64-1785028c340"
cf-cache-status: HIT
age: 2798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNyFXnx0ETf4WGiKwVTCMyGVHmaDxPO4LewOIAiM%2BQp9J3DBAgjFtRuWwDh1v4cMCjJF7dkN67jZqNdrrw6ks%2B0kG4OflMA35Q6FEl%2FntaX4Cas%2BzGPzocuS48ar"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07903972b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
v9qapio7vfza.n4.adsco.re/
38.132.109.186 200 OK 0 B URL HTTP/1.1 v9qapio7vfza.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: v9qapio7vfza.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8aa377483580ef253f4a250128342ecd
b17d4aad2f529ed305719129807995446c627ab8
bd4d6de1eaa490250a146924d6707ed4188371f0be4dcca2471db439f2ff701f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BD4D6DE1EAA490250A146924D6707ED4188371F0BE4DCCA2471DB439F2FF701F"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Wed, 25 Jan 2023 09:46:50 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0b0137d6081caaa3e74b5faab309352c
c083f0b46795f5bb223b4be07862213f63151c92
929d167103db84136f581ebed770175ff8883a9c2a07ad084f08e22fc9ecf831
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=121416
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Etag: "63cfddac-116"
Expires: Thu, 26 Jan 2023 13:31:24 GMT
Last-Modified: Tue, 24 Jan 2023 13:31:24 GMT
Server: nginx
Content-Length: 278
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8aa377483580ef253f4a250128342ecd
b17d4aad2f529ed305719129807995446c627ab8
bd4d6de1eaa490250a146924d6707ed4188371f0be4dcca2471db439f2ff701f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BD4D6DE1EAA490250A146924D6707ED4188371F0BE4DCCA2471DB439F2FF701F"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Wed, 25 Jan 2023 09:46:50 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
player-cdn.com/js/620a9a654e0f00.js
172.67.71.153 200 OK 1.9 kB URL HTTP/2 player-cdn.com/js/620a9a654e0f00.js
IP 172.67.71.153:0
File type HTML document, ASCII text, with very long lines (3843)
Hash 421b633d8b0a99ba5b6bb5fff264f286
43dda9dd20db6db1a1d435959b332efa64a8c833
64e4ef85563423f6f9907ce7ba6d30aa1153dd408852b4de81289cf5f9d7db4d
GET /js/620a9a654e0f00.js HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/?v=05Ys-xFcI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=5, s-maxage=60
etag: W/"110f-Yr2fXlelOrh/KfnFwVgYLNmFKh0"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Cux%2FR3PT5QH1%2BouBWwv67zAkmCTjnFPfJgvdT27RLaJ55t2DCGzp8IGbgM7AUyUZ9Fyqi6pV9Uw9bFm4zA2ALCrtNdOi4SgN63qZLpQOcBmhNPpuTsa%2FhBb%2FZFuhETG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078f9a8d0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/S_aWDyPjid8
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/S_aWDyPjid8
IP 142.250.74.131:0
Hash d8ec0af07e9760dfbb05f522b2e18c06
09cf99269c9ff5aebbc7557e0e865b485bd12f33
d9d3b52d322d8be80c649b446e0a2ca7b4558d545f8d94eedc164b753f5cb6c8
POST /s/gts1p5/S_aWDyPjid8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
poweredby.jads.co/adshow.php?adzone=799246
185.94.236.244 200 OK 1.8 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=799246
IP 185.94.236.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1615), with CRLF, LF line terminators
Hash 25e97f6756913dd7bac4fad1bf73864b
22d6d7e9e9e11e354573c42323bd17abcd5f45ad
1a87022f2ff7e782bb9d2fe2a570b04d3fcc49b88ec55b0e9fc3db35c50e98a4
GET /adshow.php?adzone=799246 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=df60ef59b2b6a147231505ce69c108a4; expires=Thu, 25-Jan-2024 03:47:48 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sat, 28-Jan-2023 03:47:48 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
iamcdn.net/players/playhydrax.min.js
188.114.96.1 200 OK 63 kB URL HTTP/2 iamcdn.net/players/playhydrax.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (21305), with CRLF line terminators
Hash 9e04ec4242af5d533170775173ed871c
1de99f7ce4492f3030e163f9aee697f782431e86
5a2a845d6f670f6ed3991fee868df0548e5233aad32673986ff036f3ee53121d
GET /players/playhydrax.min.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Tue, 06 Dec 2022 06:00:05 GMT
etag: W/"8c90-184e6051d2f"
cf-cache-status: HIT
age: 3559
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ytp7dP2mzyhpmGyWOL4ej%2FbWeWx9kas7Evmb1grCsxBVNCZvysBCg26T%2FFAlwrXdV%2BoJgIUjvkuf7KRNj8Qu%2BVR2hzSSe%2BCWF6ZDpE2dJ4l511LCW2lUwyj9rc92"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07901963b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0b0137d6081caaa3e74b5faab309352c
c083f0b46795f5bb223b4be07862213f63151c92
929d167103db84136f581ebed770175ff8883a9c2a07ad084f08e22fc9ecf831
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=121416
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Etag: "63cfddac-116"
Expires: Thu, 26 Jan 2023 13:31:24 GMT
Last-Modified: Tue, 24 Jan 2023 13:31:24 GMT
Server: nginx
Content-Length: 278
hqq.to/player/get_player_image.php
190.115.19.71 200 OK 24 kB URL HTTP/2 hqq.to/player/get_player_image.php
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash f7b1161af7b455f924719fe89ec01d3a
bf4f1dad4db874f86525c33619adb565f4a1eb01
15bea7fd860d97eec3b2b7949d3fc8be8a3c5dcb5349c321899a621835f7b4fb
POST /player/get_player_image.php HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 73
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Cookie: uid=c9wqo*fKHGFwruQLBrgDe3uxcZuQd_xY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: application/json
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-file-located: temp, filename:../files/temp/video_images/8/7/1619447746be378-1.jpg
x-clickarr-add-e: 1
x-image-size: 52988
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
server: Google Frontend
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 78ed7b7d814d987601b30851546309b5
12a653dabfd738fef99fad2295eec55e4651bc7c
a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.14 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 25 Jan 2023 03:45:20 GMT
expires: Wed, 25 Jan 2023 05:45:20 GMT
cache-control: public, max-age=7200
age: 148
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3416
Expires: Wed, 25 Jan 2023 04:44:44 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3416
Expires: Wed, 25 Jan 2023 04:44:44 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3325
Expires: Wed, 25 Jan 2023 04:43:13 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3416
Expires: Wed, 25 Jan 2023 04:44:44 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3416
Expires: Wed, 25 Jan 2023 04:44:44 GMT
Date: Wed, 25 Jan 2023 03:47:48 GMT
Connection: keep-alive
v9qapio7vfza.s4.adsco.re/
185.200.116.90 200 OK 0 B URL HTTP/1.1 v9qapio7vfza.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: v9qapio7vfza.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:48 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a487590-ad87-4af1-8dd1-f65f36af5bc9.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a487590-ad87-4af1-8dd1-f65f36af5bc9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a65fb960c9da18a5b0b0301ebf46afbe
87ec376bfb94f098e3c116b39661bc204479300c
7811aac796f07106cdc371444964407b4b7941fe9422e239867869f5f1bf9097
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a487590-ad87-4af1-8dd1-f65f36af5bc9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9482
x-amzn-requestid: ec84cb38-2bed-4fea-b40c-a9244a3d2784
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQeFHn5oAMFrBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfac0-789b23531d15da8b50e3cbe9;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AwZKaKI2B_SfNzYVjwjV8ftgVbLs6UOvvyT1eA7E4EURkwZwoDw3lg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 04:04:27 GMT
age: 85401
etag: "87ec376bfb94f098e3c116b39661bc204479300c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
34.120.237.76 200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Ke5d5WguVrF_Phnhu9ojzN5Md0VkYnFfxKNoh5HHrmHwPI90IAIdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 04:49:41 GMT
age: 82687
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33050e82-3c0a-40d6-a722-e4ff96872edc.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33050e82-3c0a-40d6-a722-e4ff96872edc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb6c1403a1d3c878c08ccaf17f8b3d0a
7596b783e0da5fba63c49374933eccffc223d729
1524dbef51237950d4a14a0e2e053fad933dd92ee0831e2de5c45513122f1d58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33050e82-3c0a-40d6-a722-e4ff96872edc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6026
x-amzn-requestid: 4b05d7f7-783f-4a79-9eed-bbbeb53bc677
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRQ-QHmZIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d061f4-721f473c5c8dadd163ca7689;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 22:55:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uuhyzrUcYv-zqjLZvGNYsUuAhCW2vkKpEhQQKlmfSgHDtKz0jD2PNQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 23:18:31 GMT
age: 16157
etag: "7596b783e0da5fba63c49374933eccffc223d729"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe64e9465-b064-4bdc-a484-d44b0d984431.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe64e9465-b064-4bdc-a484-d44b0d984431.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dad5d5718474f528ce520a04da20ade6
95df35934a1f2baf34c3ac73bacb614a5aefda46
8053939a2720f2f68fe2a1702b2012394668578851931b8fcd071a3fb42e1d65
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe64e9465-b064-4bdc-a484-d44b0d984431.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6826
x-amzn-requestid: 2630f080-b408-42d6-8488-42ac70e26f97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLZhNH5TIAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce093a-5999d41f3dbe67e609f183c5;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 04:12:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: n9kXsl4AGQLIyNvDQXtwnxI0PRQ29UPLaCz-h3pCJ9f-7alcj3W6UQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 22:24:29 GMT
etag: "95df35934a1f2baf34c3ac73bacb614a5aefda46"
content-type: image/jpeg
age: 19399
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42c8799a-4bfb-409b-9789-78388344ffa6.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42c8799a-4bfb-409b-9789-78388344ffa6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd550f762800dcbbd86f599c1283050b
f003c2a8a841d70c0c77d28362aa855e5c4826ae
f5d669beac28d5dd73b7850b601b965d41a6192d8dc226c65a2eb85bdb5b77e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42c8799a-4bfb-409b-9789-78388344ffa6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7266
x-amzn-requestid: 97a4233c-38fc-461a-afb5-d89b3f25681b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFHVkGsmIAMFqEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb85bd-634989b11d1b5c7b0e047f57;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 06:27:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cgsCHmWkKtiMLK9_i-TqXW4dQB2AFgdkZ-U3-5Mpr7YcStQIpAaiGw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 08:57:59 GMT
age: 67789
etag: "f003c2a8a841d70c0c77d28362aa855e5c4826ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
player-cdn.com/js/335bb04952457e66b2e901a817cc3071.js
172.67.71.153 200 OK 9.9 kB URL HTTP/2 player-cdn.com/js/335bb04952457e66b2e901a817cc3071.js
IP 172.67.71.153:0
File type Unicode text, UTF-8 text, with very long lines (4077), with no line terminators
Hash 8804977c5193f814135952dab52dfebc
c42ac7112c151191863df0780011f0286fef4ece
9cad64fb58e40f22eb019d0fc76468a36aea1298d878d89bd7fc5d7e9ab900a3
GET /js/335bb04952457e66b2e901a817cc3071.js HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/?v=05Ys-xFcI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=5, s-maxage=1800
etag: W/"1921-jVUFr6hHVZgyv0HVQWymxwoahks"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4g1OsLX2niYNZB%2F%2BGMGrtq9%2FVZtsSxdUGPm2yc8Hs6HsPFyBZ7FruR6FjmhocOGdSbL4YRbwmylcgb8b%2BB0eVwtgaRZHp%2B%2FLaebd1%2BtIi9uX6jvDN7lETOHRIUHEy1b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078f9a8e0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 78ed7b7d814d987601b30851546309b5
12a653dabfd738fef99fad2295eec55e4651bc7c
a55164c954f0255d6d360ac0fac8b4598f8e0e01ec646105eed2e9b0abf5e2bd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 03:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash b587c309ca72869162c9d00b3b083714
37b3fd1e08d0f48df5af4dccc784a2bd9c8903f0
b6b61f21c3a6968cb492b9058bbbcf36a8f4786b66b5400cb934ee642c9257a7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 03:47:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 21 Jan 2023 21:23:11 GMT
Expires: Sat, 28 Jan 2023 21:23:10 GMT
Etag: "37b3fd1e08d0f48df5af4dccc784a2bd9c8903f0"
Cache-Control: max-age=321917,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78ee07aace71b4ee-OSL
intelligenceadx.com/iGpVjf.html?_=BQFiAAAAAAAACZUAAqNLSo7EX3B2uhRr8Lrm6OFiUpt9JgpKNF6iiXkAFp4tJpJCdMvPI0eUxag4wIwfoNMBHzAU77fX0K0r03ckCGpBDiMv9OWervPqosJjrL4M6CewgZRT-fB1UvN0zprG0uPPVTYak9VIGqL0nqNhfmhkIQOYXoMn8V6tgjQkkT05c3DlB6m3j08BqN2H14oT4Yo5iXcFF0g1fGArdUk76j6Q41VCE6MUKqw2qTRunIi-n3LLgQWDoAydNTCP-fxRKmsk5nfQ4OPI1c2JujcZFF3vzTVDcaFCm0mjZWnsgs0v5ibjkZdhT5y3WwXEtYHoo8MdJzwQrEYd1x9psQ-ysBWKPCn4N9B7ccMq3FxZX0gf1TrVWTXRwzKi3dJJHRYe7TV2eaaO1ADtIms7y-KvUlSxNAacDWT_ZXDoqbstXajfInrqeYFMLwmzoRu6mH4vF_BoxQZqQ9kiPiPAeYSbe5Y&v=4&DwBSdbGJ=4619607&minBid=&rPJRWMVf=0,0&TsgZzNtv=&HAZazblV=&s=1280,1024,1,1280,1024,0
208.95.114.100 200 OK 95 B URL HTTP/2 intelligenceadx.com/iGpVjf.html?_=BQFiAAAAAAAACZUAAqNLSo7EX3B2uhRr8Lrm6OFiUpt9JgpKNF6iiXkAFp4tJpJCdMvPI0eUxag4wIwfoNMBHzAU77fX0K0r03ckCGpBDiMv9OWervPqosJjrL4M6CewgZRT-fB1UvN0zprG0uPPVTYak9VIGqL0nqNhfmhkIQOYXoMn8V6tgjQkkT05c3DlB6m3j08BqN2H14oT4Yo5iXcFF0g1fGArdUk76j6Q41VCE6MUKqw2qTRunIi-n3LLgQWDoAydNTCP-fxRKmsk5nfQ4OPI1c2JujcZFF3vzTVDcaFCm0mjZWnsgs0v5ibjkZdhT5y3WwXEtYHoo8MdJzwQrEYd1x9psQ-ysBWKPCn4N9B7ccMq3FxZX0gf1TrVWTXRwzKi3dJJHRYe7TV2eaaO1ADtIms7y-KvUlSxNAacDWT_ZXDoqbstXajfInrqeYFMLwmzoRu6mH4vF_BoxQZqQ9kiPiPAeYSbe5Y&v=4&DwBSdbGJ=4619607&minBid=&rPJRWMVf=0,0&TsgZzNtv=&HAZazblV=&s=1280,1024,1,1280,1024,0
IP 208.95.114.100:0
Hash a0ae1ba8d35511fee2b98129fc3682ef
16601e877858f26fd740aec582c691669cda8f3f
d380e1562e8558a7217a134901ac751fd78542f890b2962d16791776a94eed44
GET /iGpVjf.html?_=BQFiAAAAAAAACZUAAqNLSo7EX3B2uhRr8Lrm6OFiUpt9JgpKNF6iiXkAFp4tJpJCdMvPI0eUxag4wIwfoNMBHzAU77fX0K0r03ckCGpBDiMv9OWervPqosJjrL4M6CewgZRT-fB1UvN0zprG0uPPVTYak9VIGqL0nqNhfmhkIQOYXoMn8V6tgjQkkT05c3DlB6m3j08BqN2H14oT4Yo5iXcFF0g1fGArdUk76j6Q41VCE6MUKqw2qTRunIi-n3LLgQWDoAydNTCP-fxRKmsk5nfQ4OPI1c2JujcZFF3vzTVDcaFCm0mjZWnsgs0v5ibjkZdhT5y3WwXEtYHoo8MdJzwQrEYd1x9psQ-ysBWKPCn4N9B7ccMq3FxZX0gf1TrVWTXRwzKi3dJJHRYe7TV2eaaO1ADtIms7y-KvUlSxNAacDWT_ZXDoqbstXajfInrqeYFMLwmzoRu6mH4vF_BoxQZqQ9kiPiPAeYSbe5Y&v=4&DwBSdbGJ=4619607&minBid=&rPJRWMVf=0,0&TsgZzNtv=&HAZazblV=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Wed, 25 Jan 2023 03:47:52 GMT
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
151.101.130.133 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 151.101.130.133:0
Hash cfb3a7f93d14e08351dfbc9e5310454d
d402bf3483981a1ab3bb358613769a49b42be12c
5bc80a2a4cd81c101ba9d0e2406c770be80ca1599547ccc904d7309db5e174b9
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 29 Jan 2023 01:25:29 GMT
ETag: "d402bf3483981a1ab3bb358613769a49b42be12c"
Last-Modified: Wed, 25 Jan 2023 01:25:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 25 Jan 2023 03:47:53 GMT
Age: 1264
X-Served-By: cache-qpg1244-QPG, cache-bma1639-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 4, 118
X-Timer: S1674618473.071689,VS0,VE0
ocsp2.globalsign.com/gsalphasha2g2
151.101.130.133 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 151.101.130.133:0
Hash 855ef36f0e7938197d404b22d232e47b
9bd1d3df7a93870bf06739e6af8af3a0ce95091a
a6dab38ffc578634a5b6076ec1ffbb6b26bedf0759bd2657d2c9ac4d2c0ff4ca
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1423
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 29 Jan 2023 02:57:37 GMT
ETag: "9bd1d3df7a93870bf06739e6af8af3a0ce95091a"
Last-Modified: Wed, 25 Jan 2023 02:57:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 25 Jan 2023 03:47:53 GMT
Age: 3015
X-Served-By: cache-qpg1269-QPG, cache-bma1641-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 141
X-Timer: S1674618473.096520,VS0,VE0
hqq.to/js/video.counters.2.js?117
190.115.19.71 200 OK 500 B URL HTTP/2 hqq.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 524f88561af05561bf236a24a731dc95
a0bd0b5a1ad8efbb688ca19c4fb29993fe5f2b10
0e232e115ffdd3bdb6dd406eba4c992ca235e4e0bb7ef40bccb3a9db39796611
GET /js/video.counters.2.js?117 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Cookie: uid=c9wqo*fKHGFwruQLBrgDe3uxcZuQd_xY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
77.88.21.119 200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash de9c4346801ea3636fb506b54c394b32
f998f9464013582483778132d544fbd106c6d9a1
c9a9f4cbaaf63148dbafd70126d101548d61884ac369c0b35b0e4efa244a9670
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73853
date: Wed, 25 Jan 2023 03:47:53 GMT
access-control-allow-origin: *
etag: "63c93a4b-1207d"
expires: Wed, 25 Jan 2023 04:47:53 GMT
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 25 Jan 2023 03:47:53 GMT
access-control-allow-origin: *
etag: "63c93a4b-2b"
expires: Wed, 25 Jan 2023 04:47:53 GMT
accept-ranges: bytes
last-modified: Thu, 19 Jan 2023 15:40:43 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
cdn.apicdn87.xyz/12049087/65663961/65536/3
188.114.97.1 200 OK 0 B URL HTTP/2 cdn.apicdn87.xyz/12049087/65663961/65536/3
IP 188.114.97.1:0
GET /12049087/65663961/65536/3 HTTP/1.1
Host: cdn.apicdn87.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://player-cdn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: text/html; charset="utf-8"
cache-control: public, max-age=2592000, stale-if-error=604800
access-control-allow-headers: *
access-control-allow-origin: https://player-cdn.com
cf-cache-status: MISS
last-modified: Wed, 25 Jan 2023 03:47:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KssYKYe390rINpPTg2Xyr57B1%2Bi6yvH1laj%2BxNt0SeI05VRSgcl%2F4T6iW4i7N1eumE%2FQU%2BYYsgyq2FW%2Bx93%2Bk7tjZTwPUmLSh0w%2BCqclrsC9%2BNXXfPhVSu%2F5wOOYlo0Pg5Hv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee079368a3b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.123.175 200 OK 0 B URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.123.175:0
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 23929231
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78ee078e4cbe0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.apicdn87.xyz/12049087/65663961/65536/0
188.114.97.1 200 OK 0 B URL HTTP/2 cdn.apicdn87.xyz/12049087/65663961/65536/0
IP 188.114.97.1:0
GET /12049087/65663961/65536/0 HTTP/1.1
Host: cdn.apicdn87.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://player-cdn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: text/html; charset="utf-8"
cache-control: public, max-age=2592000, stale-if-error=604800
access-control-allow-headers: *
access-control-allow-origin: https://player-cdn.com
cf-cache-status: MISS
last-modified: Wed, 25 Jan 2023 03:47:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q309q1vX5cfXcheR1ZZo2gNrMZMtxcl%2BTUEgdKospgiaDrs%2F%2FOKWGEK5dylOKpQygw0ur%2FCyhZcDB80mK93UM7sU4YdKpETQjkHYqLxH3AAHhP9JaGg3nOj1Ae9SrgLK1zwR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee079378a8b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/lv/esnk/1871912/code.js
62.122.171.6 200 OK 0 B URL HTTP/2 rxeosevsso.com/lv/esnk/1871912/code.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /lv/esnk/1871912/code.js HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript
last-modified: Fri, 20 Jan 2023 10:39:19 GMT
vary: Accept-Encoding
etag: W/"63ca6f57-1a5e2"
x-js-ab1: var12
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
iamcdn.net/players/jwplayer/8.4.2/plugins/related.js
188.114.96.1 200 OK 0 B URL HTTP/2 iamcdn.net/players/jwplayer/8.4.2/plugins/related.js
IP 188.114.96.1:0
GET /players/jwplayer/8.4.2/plugins/related.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Sat, 28 Jul 2018 18:41:44 GMT
etag: W/"15b55-164e2324a40"
cf-cache-status: HIT
age: 4116
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7afoutUwS1%2FoRZPCDtTv4OktI0kq%2BPcHrDUXx9JCoPuvGWx6ZYL4MyvIfOnl7AxOUE53QWW%2BjCGFk2LIllAF3ZTWwy0%2F3H2hNxwTPx4ixkBA4YaiHm9T%2BiG%2Bng9G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07901962b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/js/script-2.12.5.js
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/script-2.12.5.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/script-2.12.5.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Cookie: uid=c9wqo*fKHGFwruQLBrgDe3uxcZuQd_xY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 01 Dec 2020 19:28:37 GMT
etag: W/"5fc69965-4cb8"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
player-cdn.com/?v=05Ys-xFcI
172.67.71.153 200 OK 0 B URL HTTP/2 player-cdn.com/?v=05Ys-xFcI
IP 172.67.71.153:0
GET /?v=05Ys-xFcI HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdgay.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=5, s-maxage=604800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kDySTGFTSgmjEpgo1aB%2FVtjEODsm6WE67VUpZskq22mxI648Bm7ckT4nIUPw%2Bn%2FV4vEPyMZKGN68zLSNDddm3L%2F4tCLRf5tCOwCD5gCZvH3ey7kS%2Fd2%2F6ij4tgRJn50o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078c89a60afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186 200 OK 0 B IP 104.17.167.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sat, 25 Feb 2023 03:47:47 GMT
etag: W/"xkCBFtC0Wl/JiS60JFipuQ=="
cf-cache-status: HIT
age: 2008428
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078db894b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rxeosevsso.com/get/1871912?zoneid=1871912&jp=_clxjc1g3iuejme0mnznk8j&nojs=0&ix=0&abvar=12&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768922492975708
62.122.171.6 200 OK 0 B URL HTTP/2 rxeosevsso.com/get/1871912?zoneid=1871912&jp=_clxjc1g3iuejme0mnznk8j&nojs=0&ix=0&abvar=12&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768922492975708
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1871912?zoneid=1871912&jp=_clxjc1g3iuejme0mnznk8j&nojs=0&ix=0&abvar=12&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768922492975708 HTTP/1.1
Host: rxeosevsso.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2301242247ec71ab5bdf624c61b8c9379f79; Path=/; Expires=Thu, 25 Jan 2024 03:47:46 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
www.intelligenceadx.com/l20n.min.js
185.76.9.15 200 OK 0 B URL HTTP/2 www.intelligenceadx.com/l20n.min.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /l20n.min.js HTTP/1.1
Host: www.intelligenceadx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdgay.net
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Sat, 28 Jan 2023 04:16:52 GMT
access-control-allow-origin: *
link: <https://intelligenceadx.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1674879412
server: CDN77-Turbo
x-77-nzt: AblMCQ37Ugb/Lz8FAA
x-77-nzt-ray: c0a4cc28dd78e98563a6d063190eee00
x-cache: HIT
x-age: 343855
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.123.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.123.175:0
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 17661968
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78ee078ddcaf0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.apicdn87.xyz/12049087/65663961/65536/2
188.114.97.1 200 OK 0 B URL HTTP/2 cdn.apicdn87.xyz/12049087/65663961/65536/2
IP 188.114.97.1:0
GET /12049087/65663961/65536/2 HTTP/1.1
Host: cdn.apicdn87.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://player-cdn.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: text/html; charset="utf-8"
cache-control: public, max-age=2592000, stale-if-error=604800
access-control-allow-headers: *
access-control-allow-origin: https://player-cdn.com
cf-cache-status: MISS
last-modified: Wed, 25 Jan 2023 03:47:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJQmUuxOMcCUdcqqEpYrFZMlgo0h%2F5NFRi7D3O%2F60vYdhX4WNkYfPlgLlZ3Bvg%2BzQ3fLzXG2xTr4vUd6adSIzg9v2BnFQzz%2BTTncdreOtncf7qKApUEUoRJfdLJt%2FvVG8DzP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee07944901b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
godpvqnszo.com/aas/r45d/vki/1836670/9b58627f.js
62.122.171.6 200 OK 0 B URL HTTP/2 godpvqnszo.com/aas/r45d/vki/1836670/9b58627f.js
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /aas/r45d/vki/1836670/9b58627f.js HTTP/1.1
Host: godpvqnszo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript
last-modified: Fri, 20 Jan 2023 10:41:00 GMT
vary: Accept-Encoding
etag: W/"63ca6fbc-12d43"
x-js-ab1: var13
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
pragma: no-cache
x-origin-location: player
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
hqq.to/styles/global/embed_player.3.css?130
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
testingmetriksbre.ru/netu.php
172.67.204.243 200 OK 0 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 172.67.204.243:0
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mFoxPPPYzM8Gio%2F8pjFhfAgwuQDx15OFAE6S%2FsnZuM71lAItLst%2BIR%2FOjMUzidh03LcqejPwjwvKsDVAQg52FHeyAJ9eI3MgQF76zHyDRzhdts%2Biy0AR%2F8q2s6cEtdtM5pkM0C%2F5xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ee078e3f34b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
player-cdn.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674604800
172.67.71.153 200 OK 0 B URL HTTP/2 player-cdn.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674604800
IP 172.67.71.153:0
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1674604800 HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-control-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ps40NNivb9VhzTP9YhdsIhmJ3VIx70ged5iZX04aW585yoxdFFFec%2BDM8U5yQAtbbN0h6sBnm%2BBiY1U1Itys2U70cK%2BHKoCUQXaRsvAUtVgdOMJsq5zxuWHQme7%2F8bqH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ee07925b410afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
player-cdn.com/js/335bb04952457e66b2.js
172.67.71.153 200 OK 0 B URL HTTP/2 player-cdn.com/js/335bb04952457e66b2.js
IP 172.67.71.153:0
GET /js/335bb04952457e66b2.js HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/?v=05Ys-xFcI
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=5, s-maxage=3600
etag: W/"7f07-GjJgC85Z/I+DT9UPmkE+AvX+Yo8"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FQxA2yDhn9WDIPSdNF2j%2BQZwz3lJczD%2BJJ3JeJcC63fEne54JtqSbQlnbuvFDpNaHvO8kkScxVdEn5r8JSB7GqJ340FZ6GK%2FOtkxaKDXdnsT0YTKYSNzY6GxOUrs%2F16"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee078f9a8f0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2
player-cdn.com/cdn-cgi/trace
172.67.71.153 200 OK 0 B URL HTTP/2 player-cdn.com/cdn-cgi/trace
IP 172.67.71.153:0
GET /cdn-cgi/trace HTTP/1.1
Host: player-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://player-cdn.com/?v=05Ys-xFcI
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:48 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 78ee07928b550afa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
hdgay.net/2021/10/enthusiastic-butt-i/
188.114.97.1 200 OK 0 B URL HTTP/2 hdgay.net/2021/10/enthusiastic-butt-i/
IP 188.114.97.1:0
GET /2021/10/enthusiastic-butt-i/ HTTP/1.1
Host: hdgay.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 25 Jan 2023 03:47:06 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiJ2kcZ23XjVn8OLL1vNd%2FlCfI5UVzhFvRaQmI%2Bsqm0y44OXvkFp2ey5m0jNa4W6MLi%2B7Apke9wuBsyFuyem0udYgn5dXdSqWo%2FCQald%2FvDjkU3L6JcjeOh2mqk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ee07870f93fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
godpvqnszo.com/get/1836670?zoneid=1836670&jp=_clffr8vq7wp1nin15p5wnu&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=1517122679302783
62.122.171.6 200 OK 0 B URL HTTP/2 godpvqnszo.com/get/1836670?zoneid=1836670&jp=_clffr8vq7wp1nin15p5wnu&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=1517122679302783
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1836670?zoneid=1836670&jp=_clffr8vq7wp1nin15p5wnu&nojs=0&ix=0&abvar=13&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=1517122679302783 HTTP/1.1
Host: godpvqnszo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdgay.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=230124224721803d0e6f1d474598c8cf7526; Path=/; Expires=Thu, 25 Jan 2024 03:47:47 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
hqq.to/js/websocket_ip.min.js
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/websocket_ip.min.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/websocket_ip.min.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/WWtZa044eFAzbUZaZ2lla1NrVS9Jdz09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Fri, 20 Jan 2023 13:44:36 GMT
etag: W/"63ca9ac4-121c"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: gzip
server: Google Frontend
x-cache-status-inferno-s: HIT
x-inferno-location: static
X-Firefox-Spdy: h2
iamcdn.net/players/jwplayer/8.4.2/jwpsrv.js
188.114.96.1 200 OK 0 B URL HTTP/2 iamcdn.net/players/jwplayer/8.4.2/jwpsrv.js
IP 188.114.96.1:0
GET /players/jwplayer/8.4.2/jwpsrv.js HTTP/1.1
Host: iamcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://player-cdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
last-modified: Thu, 02 Apr 2020 05:44:19 GMT
etag: W/"a5f1-171396b3338"
cf-cache-status: HIT
age: 905
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTsqLTDaLv7Po16gQxSqLHIwZWR194oEoQRaJTKDpxNL273BZtTVsL55Cbz5q%2BttS1tklDH5VrFuto52hkhEdqajVfbmVGhwx4CIyTxLDQ0IObcHLbNWEHXSJ9KK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ee0790296db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.123.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.123.175:0
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 03:47:47 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 17661968
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78ee078e3cbc0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2