Submitted URL: http://grooveinvestments.com/
Effective URL: https://zkltm.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=trac...
Submission: On August 03 via manual from IN — Scanned from FR

Summary

This website contacted 9 IPs in 5 countries across 9 domains to perform 57 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is zkltm.qzgxqt.com.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.
This is the only time zkltm.qzgxqt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Requests | IP Address | AS Autonomous System
1 | 20 | 54.38.179.64 | 16276 (OVH)
1 | 3 | 2.59.222.122 | 209155 (ONEHOSTPL...)
- | 2 | 2a00:1450:400... | 15169 (GOOGLE)
- | 1 | 2.59.222.119 | 209155 (ONEHOSTPL...)
- | 8 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 1 | 2a06:98c1:312... | 13335 (CLOUDFLAR...)
- | 10 | 185.56.234.205 | 39572 (ADVANCEDH...)
- | 1 | 2a02:b4a:1:7:... | 39572 (ADVANCEDH...)
- | 11 | 2606:4700:303... | 13335 (CLOUDFLAR...)
Total: 57 requests, 9 IPs
Apex Domain
Subdomains
Transfer
20 grooveinvestments.com
grooveinvestments.com
1 MB
11 ulmoyc.com
ulmoyc.com — Cisco Umbrella Rank: 38947
52 KB
10 qzgxqt.com
qzgxqt.com — Cisco Umbrella Rank: 606476
ht539.qzgxqt.com
y7h9l.qzgxqt.com
tl6ci.qzgxqt.com
6fpln.qzgxqt.com
shai9.qzgxqt.com
ie3qh.qzgxqt.com
h2gta.qzgxqt.com
bkhlp.qzgxqt.com
zkltm.qzgxqt.com
129 KB
8 gstatic.com
fonts.gstatic.com
147 KB
4 linestoget.com
stay.linestoget.com — Cisco Umbrella Rank: 498382
get.linestoget.com — Cisco Umbrella Rank: 630724
go.linestoget.com — Cisco Umbrella Rank: 648364 Failed
3 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 79
3 KB
1 bcuiaw.com
bcuiaw.com
101 B
1 cqwajn.com
cqwajn.com — Cisco Umbrella Rank: 249438 Failed
544 B
0 ecrwqu.com Failed
ecrwqu.com Failed
57 9
Domain Requested by
20 grooveinvestments.com 1 redirects grooveinvestments.com
11 ulmoyc.com qzgxqt.com
ulmoyc.com
ht539.qzgxqt.com
y7h9l.qzgxqt.com
tl6ci.qzgxqt.com
6fpln.qzgxqt.com
shai9.qzgxqt.com
ie3qh.qzgxqt.com
h2gta.qzgxqt.com
bkhlp.qzgxqt.com
zkltm.qzgxqt.com
8 fonts.gstatic.com fonts.googleapis.com
2 go.linestoget.com get.linestoget.com
2 fonts.googleapis.com grooveinvestments.com
1 zkltm.qzgxqt.com bkhlp.qzgxqt.com
1 bkhlp.qzgxqt.com h2gta.qzgxqt.com
1 h2gta.qzgxqt.com ie3qh.qzgxqt.com
1 ie3qh.qzgxqt.com shai9.qzgxqt.com
1 shai9.qzgxqt.com 6fpln.qzgxqt.com
1 6fpln.qzgxqt.com tl6ci.qzgxqt.com
1 tl6ci.qzgxqt.com y7h9l.qzgxqt.com
1 y7h9l.qzgxqt.com ht539.qzgxqt.com
1 ht539.qzgxqt.com qzgxqt.com
1 bcuiaw.com qzgxqt.com
1 qzgxqt.com go.linestoget.com
1 cqwajn.com go.linestoget.com
1 get.linestoget.com stay.linestoget.com
1 stay.linestoget.com grooveinvestments.com
0 ecrwqu.com Failed zkltm.qzgxqt.com
57 20

This site contains no links.

Subject | Issuer | Validity | Valid
grooveinvestments.com | cPanel, Inc. Certification Authority | 2023-05-24 - 2023-08-22 | 3 months
stay.linestoget.com | R3 | 2023-07-13 - 2023-10-11 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
get.linestoget.com | R3 | 2023-07-14 - 2023-10-12 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months
go.linestoget.com | R3 | 2023-07-14 - 2023-10-12 | 3 months
qzgxqt.com | R3 | 2023-06-16 - 2023-09-14 | 3 months
bcuiaw.com | R3 | 2023-07-31 - 2023-10-29 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-01-29 - 2024-01-28 | a year

This page contains 1 frames:

Primary Page: https://zkltm.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=9
Frame ID: 31188D7FACD4FDE5B9DAC68F10926D8F
Requests: 57 HTTP requests in this frame

Page Title

Checking your browser

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 57
HTTPS: 95 %
IPv6: 56 %
Domains: 9
Subdomains: 20
IPs: 9
Countries: 5
Transfer: 1384 kB
Size: 2979 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://grooveinvestments.com/ HTTP 301
    https://grooveinvestments.com/ Page URL
  2. https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586 HTTP 302
    https://go.linestoget.com/go.php?id=776&gid=5578775564 Page URL
  3. https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=tracy&si2=garrygoon HTTP 302
    https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon Page URL
  4. https://ht539.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=1 Page URL
  5. https://y7h9l.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=2 Page URL
  6. https://tl6ci.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=3 Page URL
  7. https://6fpln.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=4 Page URL
  8. https://shai9.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=5 Page URL
  9. https://ie3qh.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=6 Page URL
  10. https://h2gta.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=7 Page URL
  11. https://bkhlp.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=8 Page URL
  12. https://zkltm.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://grooveinvestments.com/ HTTP 301
  • https://grooveinvestments.com/
Request Chain 32
  • https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586 HTTP 302
  • https://go.linestoget.com/go.php?id=776&gid=5578775564
Request Chain 34
  • https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=tracy&si2=garrygoon HTTP 302
  • https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon

57 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
grooveinvestments.com/
Redirect Chain
  • http://grooveinvestments.com/
  • https://grooveinvestments.com/
43 KB
10 KB
Document
General
Full URL
https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
99607aabc224e591735a87e2c411e92e8aad47cf37bcaa8cdd79d563c4a00119

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 03 Aug 2023 03:54:56 GMT
Keep-Alive
timeout=5, max=100
Link
<https://grooveinvestments.com/wp-json/>; rel="https://api.w.org/", <https://grooveinvestments.com/wp-json/wp/v2/pages/70>; rel="alternate"; type="application/json", <https://grooveinvestments.com/>; rel=shortlink
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 03 Aug 2023 03:54:53 GMT
Keep-Alive
timeout=5, max=100
Location
https://grooveinvestments.com/
Server
Apache
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Redirect-By
WordPress
get.js
stay.linestoget.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://stay.linestoget.com/scripts/get.js?ver=4.2.1
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.59.222.122 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),
Reverse DNS
Software
nginx /
Resource Hash
53efebc5ac99521dc5b64f1eab51dcdab7bf5d89d999d194bd180502c129a7a1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:54:58 GMT
strict-transport-security
max-age=15768000;
content-encoding
gzip
last-modified
Tue, 01 Aug 2023 06:05:21 GMT
server
nginx
etag
W/"64c8a0a1-db9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
grooveinvestments.com/wp-includes/css/dist/block-library/
53 KB
8 KB
Stylesheet
General
Full URL
https://grooveinvestments.com/wp-includes/css/dist/block-library/style.min.css?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Wed, 02 Sep 2020 03:34:17 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
7456
css
fonts.googleapis.com/
29 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
61eeaf3752ec4a775d833ab1ffe79787a750f59cb9c2933aad9cc276a36eb5fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 03 Aug 2023 03:54:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 03 Aug 2023 03:32:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 03 Aug 2023 03:54:57 GMT
style.css
grooveinvestments.com/wp-content/themes/Divi/
776 KB
72 KB
Stylesheet
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/style.css?ver=4.6.0
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
55b20ad86e6c37af51b2a59c083dcddb573af13825a307b6bfec55c2c7f4b757

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
css
fonts.googleapis.com/
41 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2ed95e3bc506faa4f0edce03f28d083446878a2c259ec5b0f816c9f5238e82a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 03 Aug 2023 03:54:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 03 Aug 2023 03:54:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 03 Aug 2023 03:54:57 GMT
dashicons.min.css
grooveinvestments.com/wp-includes/css/
58 KB
35 KB
Stylesheet
General
Full URL
https://grooveinvestments.com/wp-includes/css/dashicons.min.css?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
b7203ef7f18e8e70e9991515982b3bbd43524cf048e9591b7aab1e80db938774

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Thu, 13 May 2021 02:01:11 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
35105
jquery.js
grooveinvestments.com/wp-includes/js/jquery/
96 KB
33 KB
Script
General
Full URL
https://grooveinvestments.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
a2009bbd65147d0d9ed8c72fdbb420f2432fe3f696e888d84f2e972b92871a73

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Fri, 26 May 2023 08:21:42 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33585
es6-promise.auto.min.js
grooveinvestments.com/wp-content/themes/Divi/core/admin/js/
7 KB
3 KB
Script
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
7b3a7e4265228a39bea0d22ac1aedb86219a7b521a831827f7f4579ca5ae4156

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2559
recaptcha.js
grooveinvestments.com/wp-content/themes/Divi/core/admin/js/
2 KB
960 B
Script
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
6c1510ef35e8322bf3c09c53aa955cd3b0a9e5ac65d15dd518c84ffc4b511c9f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
661
et-core-unified-70-16900147809451.min.css
grooveinvestments.com/wp-content/et-cache/70/
39 KB
3 KB
Stylesheet
General
Full URL
https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
d5292fb456268cbeb9e29d7c5c1756c4c2e7d53a7c0600476f1c1d47f8c12b70

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:57 GMT
Content-Encoding
br
Last-Modified
Sat, 22 Jul 2023 08:33:01 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3284
groove-investments.png
grooveinvestments.com/wp-content/uploads/2020/07/
18 KB
19 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/07/groove-investments.png
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
2a6881e17ac1518f592930b45ed11c87e50c573e51157af19c1f0cb8ed08fa18

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Last-Modified
Sun, 12 Jul 2020 19:51:28 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
18850
img19.jpg
grooveinvestments.com/wp-content/uploads/2020/07/
282 KB
282 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/07/img19.jpg
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
a4da8c0ce4cd8f1a484cc2536a194b3532d2f6665410cfabadbd05c1287edae3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Last-Modified
Sun, 12 Jul 2020 20:11:54 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
288485
image.jpg
grooveinvestments.com/wp-content/uploads/2020/08/
121 KB
121 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/08/image.jpg
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
31c4147063bfeccc2bb5339c4120be278be616b34a20ba645142846d5f25281b

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Last-Modified
Mon, 10 Aug 2020 10:24:08 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
123998
custom.unified.js
grooveinvestments.com/wp-content/themes/Divi/js/
466 KB
114 KB
Script
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.6.0
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
af3230f535d0c6601e0de31802cac16efb0d9548e40ee67e9fa578e1673d05cb

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
116853
common.js
grooveinvestments.com/wp-content/themes/Divi/core/admin/js/
1 KB
794 B
Script
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.0
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
c05ee8fac93fde19412046a913b9aecd86210aba6b72cff7c94e01170dd11e3b

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
495
wp-embed.min.js
grooveinvestments.com/wp-includes/js/
1 KB
1002 B
Script
General
Full URL
https://grooveinvestments.com/wp-includes/js/wp-embed.min.js?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Content-Encoding
br
Last-Modified
Tue, 16 May 2023 18:41:15 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
703
global.js
get.linestoget.com/scripts/
3 KB
1 KB
Script
General
Full URL
https://get.linestoget.com/scripts/global.js
Requested by
Host: stay.linestoget.com
URL: https://stay.linestoget.com/scripts/get.js?ver=4.2.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2.59.222.119 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),
Reverse DNS
Software
nginx /
Resource Hash
928654f09ab57bcd0f95fac16e1f00164c338d127788b1b45906a249eea7afa9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:54:59 GMT
strict-transport-security
max-age=15768000;
content-encoding
gzip
last-modified
Fri, 14 Jul 2023 10:22:37 GMT
server
nginx
etag
W/"64b121ed-b70"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-emoji-release.min.js
grooveinvestments.com/wp-includes/js/
15 KB
5 KB
Script
General
Full URL
https://grooveinvestments.com/wp-includes/js/wp-emoji-release.min.js?ver=5.5.12
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
c6cddb28012c77fd3f0ca667d3b303f2b37d945f898a75bd5e6f8ad8e99be0c3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:58 GMT
Content-Encoding
br
Last-Modified
Fri, 26 May 2023 08:21:42 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=93
Content-Length
5055
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 09:02:59 GMT
x-content-type-options
nosniff
age
499920
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48412
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:08:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Jul 2024 09:02:59 GMT
uae-israel-flag-v2.jpg
grooveinvestments.com/wp-content/uploads/2020/09/
185 KB
185 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/09/uae-israel-flag-v2.jpg
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
3b2c6dd4025d9f9c1fc1bb0e602be6e5cba85f9aa9d61e5d53a4b27a9c1785f0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:59 GMT
Last-Modified
Wed, 02 Sep 2020 10:42:08 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=92
Content-Length
189694
mirabela-popeci-lensblur.jpg
grooveinvestments.com/wp-content/uploads/2020/08/
35 KB
35 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/08/mirabela-popeci-lensblur.jpg
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
26a51bcebdfc08eb95f4865d0b37d141e3833c0f3d21cae91c57ac0589ffbb9a

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:59 GMT
Last-Modified
Sat, 08 Aug 2020 10:17:00 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
35663
consutant-03.jpg
grooveinvestments.com/wp-content/uploads/2020/07/
86 KB
86 KB
Image
General
Full URL
https://grooveinvestments.com/wp-content/uploads/2020/07/consutant-03.jpg
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
ba97cff753bdc41fb2b181af865e467c57a1a0d182f6d56a2aff578ce459462c

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://grooveinvestments.com/wp-content/et-cache/70/et-core-unified-70-16900147809451.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:59 GMT
Last-Modified
Sun, 12 Jul 2020 19:37:21 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
88320
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Sun, 30 Jul 2023 00:14:41 GMT
x-content-type-options
nosniff
age
358818
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8000
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:59:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 29 Jul 2024 00:14:41 GMT
modules.ttf
grooveinvestments.com/wp-content/themes/Divi/core/admin/fonts/
90 KB
36 KB
Font
General
Full URL
https://grooveinvestments.com/wp-content/themes/Divi/core/admin/fonts/modules.ttf
Requested by
Host: grooveinvestments.com
URL: https://grooveinvestments.com/wp-content/themes/Divi/style.css?ver=4.6.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.38.179.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3115837.ip-54-38-179.eu
Software
Apache /
Resource Hash
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09

Request headers

Referer
https://grooveinvestments.com/wp-content/themes/Divi/style.css?ver=4.6.0
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date
Thu, 03 Aug 2023 03:54:59 GMT
Content-Encoding
br
Last-Modified
Sun, 30 Aug 2020 08:39:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
36317
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Sat, 29 Jul 2023 17:52:03 GMT
x-content-type-options
nosniff
age
381776
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7816
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Jul 2024 17:52:03 GMT
nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v30/
35 KB
35 KB
Font
General
Full URL
https://fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 16:20:39 GMT
x-content-type-options
nosniff
age
473660
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35764
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:06:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Jul 2024 16:20:39 GMT
-nFvOHYr-vcC7h8MklGBkrvmUG9rbpkisrTrN2zh2wph.woff2
fonts.gstatic.com/s/sairaextracondensed/v11/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sairaextracondensed/v11/-nFvOHYr-vcC7h8MklGBkrvmUG9rbpkisrTrN2zh2wph.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f98575e529167086cc3204f8dc203333faa809c4390b0e80d1a3fdf87df4dbc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 04:10:52 GMT
x-content-type-options
nosniff
age
517447
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16672
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:19:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Jul 2024 04:10:52 GMT
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Sat, 29 Jul 2023 05:30:43 GMT
x-content-type-options
nosniff
age
426256
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7748
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:21:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Jul 2024 05:30:43 GMT
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPlayfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic%7CSaira+Extra+Condensed%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&display=swap&ver=5.5.12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 12:23:15 GMT
x-content-type-options
nosniff
age
487904
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7840
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:51:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Jul 2024 12:23:15 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
fonts.gstatic.com/s/opensans/v35/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b97d8aeabc66d08ec6dd27c699cfc1a10887dda861e9bc3b6fc9a971841ad8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://grooveinvestments.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Fri, 28 Jul 2023 04:10:38 GMT
x-content-type-options
nosniff
age
517461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16528
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:08:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Jul 2024 04:10:38 GMT
final.php
go.linestoget.com/
0
0

go.php
go.linestoget.com/
Redirect Chain
  • https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586
  • https://go.linestoget.com/go.php?id=776&gid=5578775564
497 B
440 B
Document
General
Full URL
https://go.linestoget.com/go.php?id=776&gid=5578775564
Requested by
Host: get.linestoget.com
URL: https://get.linestoget.com/scripts/global.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.59.222.122 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

Referer
https://grooveinvestments.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-length
298
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:00 GMT
server
nginx
strict-transport-security
max-age=15768000;
vary
Accept-Encoding

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:00 GMT
location
https://go.linestoget.com/go.php?id=776&gid=5578775564
server
nginx
strict-transport-security
max-age=15768000;
InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs
cqwajn.com/gosl/
0
0

checking-browser
qzgxqt.com/
Redirect Chain
  • https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=tracy&si2=garrygoon
  • https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
25 KB
13 KB
Document
General
Full URL
https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
Requested by
Host: go.linestoget.com
URL: https://go.linestoget.com/go.php?id=776&gid=5578775564
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
55158db41f6511969abd25fe939bb10d6ed13bdbf2e1b000c7e1f76821727a75

Request headers

Referer
https://go.linestoget.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:00 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu4

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7f0b9f6119e6d53c-CDG
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:00 GMT
location
https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
max-age
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MRznak%2BTsgZmny96RQ07DsktyyWr00%2BPjQ8MyArdZDu1fUdozL4eC0nOdXzGDPm0ptFDUI5s%2BHkISWllCCqAv9YGUx4YTRAueZX3QXnAw5FWQROSL40EUkfcgO6DbJuYAjdTMy1IUNo"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-zone
eu
rpe
bcuiaw.com/
0
101 B
XHR
General
Full URL
https://bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1248891&wd=469097&d=qzgxqt.com&tpl=44&rnd=0.8561042978696816&sbid=tracy&sbid2=garrygoon
Requested by
Host: qzgxqt.com
URL: https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2a02:b4a:1:7::9166:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 03 Aug 2023 03:55:00 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIn0=eyJwaWQ
Requested by
Host: qzgxqt.com
URL: https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f83f94a10038fe5b0fc416c890c3dac5e1f9bb8abd135179b7d4f9f7653ec05

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:00 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"88Rs6cR2aQnmFJYvb0V3MvfZivk"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cijnABmHXPmCxTt0GMkwqgnI%2FyFq5hxMbhgp0yPWJOhVt7LO570Zq9tINAAxXhFNPv7zRV2G9amITMQ41FUhbgBmNLr1sfE9LsBtJANav%2BUrFSrvqPg1Berm7UWNOlH4ITfDmdFo98du"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f629d340073-CDG
alt-svc
h3=":443"; ma=86400
fp.js
ulmoyc.com/
1 KB
875 B
Script
General
Full URL
https://ulmoyc.com/fp.js?d=qzgxqt.com
Requested by
Host: ulmoyc.com
URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIn0=eyJwaWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6f136f74cdeb12c9222a4a65d0aff1cc76f6b46a9954e938d7829f3f8d47cd1

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Thu, 03 Aug 2023 03:54:58 GMT
max-age
0
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqcPX3xoguoibzZcyLSdwebd8a1c98%2B57ys9EKtSZzb2pBJgSuPib8XIeIuSoPPMyh2AYvDhsx3uk%2FxeNE%2Fj9G0%2BjKRCk1LDj2qmLnTZMSrmOpkcGA9xvBscI2zW2ss8WQPS9XlD9BC3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
max-age=14400
x-zone
eu
cf-ray
7f0b9f62dd4d0073-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
ht539.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://ht539.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=1
Requested by
Host: qzgxqt.com
URL: https://qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
5518b84552f070132470b83c07a79ce2344e79cb3381428cb4dad26a233d6a7c

Request headers

Referer
https://qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:01 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjEifQ==eyJwaWQ
Requested by
Host: ht539.qzgxqt.com
URL: https://ht539.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6151c13f3b9086ff42b74f583dec3cff10065f2583a82454de07266155a5bf95

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ht539.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:01 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"gxNvFwU/v+R4EP7dy4WA+decYEk"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoAeCX1b1eAwSfY8nHjh6Il0%2ByahKCF5wNyoFvltw4vIJRZa8crRyXOEICCRIQbSJ%2FujAGpmrUJbVYgUm8wWJSx86KQWHwViw6QrWfDsCOdx%2F3B3RE1iGFCY7og%2B2%2BSEJn5HuWZhjvdU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f63c8fc035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
y7h9l.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://y7h9l.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=2
Requested by
Host: ht539.qzgxqt.com
URL: https://ht539.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
cff65de11bbe3c2fafde5ce97defe194d2a3ec730ffd2a0a60aabe1a9d429267

Request headers

Referer
https://ht539.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:01 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu3
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjIifQ==eyJwaWQ
Requested by
Host: y7h9l.qzgxqt.com
URL: https://y7h9l.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1095b90eb353ca82c6ae5ab340a666d9346551348bee09d743bfc3e3fe01c634

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://y7h9l.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:01 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"xELnboeUuGyZwXdwtYDWv8L6/xI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66POVBMItGoVBifENEeY34b8rk5SzHzyZktivR9OQdYegE0mPaNed%2FhjwIV%2FPlzLizsT9ghkha0xSa8mT4GhugT%2FQLbaOvchI6j3n6xUvngz28X6sVm1SGYWPJol6yyH3iQgyA9nOz0Q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f64e992035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
tl6ci.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://tl6ci.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=3
Requested by
Host: y7h9l.qzgxqt.com
URL: https://y7h9l.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
acbe8a213354aac91089db4eaba86ea2223890adcbcc0010b64c0a3714fec7e9

Request headers

Referer
https://y7h9l.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:01 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjMifQ==eyJwaWQ
Requested by
Host: tl6ci.qzgxqt.com
URL: https://tl6ci.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b6cf94479cdf945e5dda5307f91e86074b1bea055f97e0e90009475fcff8999

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://tl6ci.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:01 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2276
etag
W/"XTVlG9eQ+j+JXdBLctH6LAm6FKI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxGTvYZOV3Jeq%2FbRT0rm9oQuQhPOp%2FzFzemQLZ%2F2BxRUS7AHcUB8gu0ZAtlTaL1jSAVaTnDL01yBXqrwFRBtSmH8GdhtR1suPIFUF%2BItTrz0IR9SS5kZmF61HGylCQPrlIU4cvQIs%2BGR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f661a2b035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
6fpln.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://6fpln.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=4
Requested by
Host: tl6ci.qzgxqt.com
URL: https://tl6ci.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
e6ead7842a7863fa29ee1a6b4876ada7855a70b14c76f07884ffded2d1b994c4

Request headers

Referer
https://tl6ci.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:01 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu3
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjQifQ==eyJwaWQ
Requested by
Host: 6fpln.qzgxqt.com
URL: https://6fpln.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eec80fdae41283db0533aaaccbde716b215115966d8af6ae9a0ff631b19b67c

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://6fpln.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"+cbGUYVG4oBeDQl59uBiUjzrmKc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4p9nfLp7jUsSCgBTPNvqA2XwdmoCyoUzQHf9gDo%2B0Hprg8kC%2BsGV58P7G7MlHJptRjIdozP4l7UhbEEXok8zrtAE5k%2BbGexEH1dwpoj%2F5v1hFygP1D%2BbHWApaEJ2ntKraiqJfaqJs9g0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f698bde035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
shai9.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://shai9.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=5
Requested by
Host: 6fpln.qzgxqt.com
URL: https://6fpln.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
a3894b5bed189174dfdcc9398c69566c5901190635ba9aedaf70aee97411fca1

Request headers

Referer
https://6fpln.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:02 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu4
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjUifQ==eyJwaWQ
Requested by
Host: shai9.qzgxqt.com
URL: https://shai9.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00956aac78eb4c953f7ee4248b607c7196bfd8961a1dc46719213b37d6d46449

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://shai9.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2266
etag
W/"Fh2eDFBFO5a2aGmLQt9elG01jfQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l0vK119NGpKsmF1A6iBpLxrg33RgMjny29Z2Gin3SWoqI4SSHCgHKs5outZ%2Ff9Mu4NC04AYbArCOxWTc3DJfSiixSieDxuVm9druRB2R5%2BpcPa%2BkPSnmjqGFejsewWwiJwJVwW27WZQG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f6aac55035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
ie3qh.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://ie3qh.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=6
Requested by
Host: shai9.qzgxqt.com
URL: https://shai9.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
2902054cc7066f55e232aa5d357fc28ba2083b6cfae1b53da23edabab4891add

Request headers

Referer
https://shai9.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:02 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu3
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjYifQ==eyJwaWQ
Requested by
Host: ie3qh.qzgxqt.com
URL: https://ie3qh.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70df0e83d3a1ef0d6d585b125aee33f0990f7cadee3dbdc34c64fcf81bafe88b

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ie3qh.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2261
etag
W/"/5+EpKDg/t6YVqP0dwT7a05axEk"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0kHWPdVz3Uh5QF9v%2BHbG7HMpOcplGpaluM%2FzGxsx2US1T9tnER4lngOjoclwGXUHa9G6OQPeHy%2BU2R1bi8Xam%2FJsf%2Fr4boPYa95F8GpPPRVFyQPV0EIoEZu3vGPm5ZgwwvBXcmOjXEd"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f6beccc035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
h2gta.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://h2gta.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=7
Requested by
Host: ie3qh.qzgxqt.com
URL: https://ie3qh.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
90f99b33967782915541ed8b578ec16fceaaf9ec1e41c7f6cee5092040034262

Request headers

Referer
https://ie3qh.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:02 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu3
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjcifQ==eyJwaWQ
Requested by
Host: h2gta.qzgxqt.com
URL: https://h2gta.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc3181aacf576b7faf6dee3c4ea54c4ed66fd443b2ee07d3de853274751b3f82

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://h2gta.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"U/iNYai3AkfgiDZuu/wT46oYs6M"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0uRg9EpYxvUujT8wDIwg6Cmv0%2FStRZqoSlvcOW1ekJ97c2M3i%2F%2FuJrXo6ndlHpmn5aCoW3f%2B9xS7%2Bs6EY4ajGfuX%2FgY37hQ2kPn%2BjWMVniX33ySEpVPx8uwVzu31okdrO%2F0iknNdJPc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f6f1df2035a-CDG
alt-svc
h3=":443"; ma=86400
checking-browser
bkhlp.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://bkhlp.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=8
Requested by
Host: h2gta.qzgxqt.com
URL: https://h2gta.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
614de986183b42cf8c7e3b1490605f1ac0256056b53a915a53744e3dc53e934f

Request headers

Referer
https://h2gta.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:03 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu4
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjgifQ==eyJwaWQ
Requested by
Host: bkhlp.qzgxqt.com
URL: https://bkhlp.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1dbce70a8a1a5f5689d5c56837095e6d3a841299dd69fe6d6a02d8c79536ce3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://bkhlp.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2251
etag
W/"SvrmeFqfjLT7MfBulCiy/yQyFGE"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9oSmfGprJfqAeehp6XUTaW0GojrArClnvNfojMXN%2BSdioyy%2BRunn1Na8Ry%2FNE06SdqQnA%2FzWKVV6CsvuAuVyPTSiQ2tGoHQGe4yip%2FzKJEJrlYAtAwliqmeYVcrPvkdOFVcqNjeABzPg"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f720f13035a-CDG
alt-svc
h3=":443"; ma=86400
Primary Request checking-browser
zkltm.qzgxqt.com/
25 KB
13 KB
Document
General
Full URL
https://zkltm.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=9
Requested by
Host: bkhlp.qzgxqt.com
URL: https://bkhlp.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.21.1 /
Resource Hash
04225d99780100bdfa74aba5cac434155d0c523038aa3eede0295da379406bdb

Request headers

Referer
https://bkhlp.qzgxqt.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 03 Aug 2023 03:55:03 GMT
server
nginx/1.21.1
vary
Accept-Encoding
x-zone
eu4
sdk.js
ulmoyc.com/v1/
13 KB
5 KB
Script
General
Full URL
https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=44&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNpMSI6InRyYWN5Iiwic2kyIjoiZ2Fycnlnb29uIiwiaSI6IjkifQ==eyJwaWQ
Requested by
Host: zkltm.qzgxqt.com
URL: https://zkltm.qzgxqt.com/checking-browser?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTcsInNyYyI6Mn0=eyJ&si1=tracy&si2=garrygoon&i=9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:924a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3626c7eed9177560ad91bf5883b511929fd28889c9dc2eee31b3e8335e372e32

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://zkltm.qzgxqt.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:55:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2246
etag
W/"Bo+sS6k4wsCqPUpx66CzFk9TEs4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NTTHjX68nFYHt3hTnwSJy5HL3Vj4mMJ2ZtMUP2oNrmQDvcrm38lhFxtLRRR7UNV328F1DHvSyQ%2FO3Y32qEq0n79m8HJ7RDRhktS8%2BP1KvJewDAH0iIEhfqEbBjJOiPMzohYlJ5cPKS6v"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://qzgxqt.com
cache-control
public, max-age=14400
x-zone
eu
cf-ray
7f0b9f733f83035a-CDG
alt-svc
h3=":443"; ma=86400
phtbload
ecrwqu.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
go.linestoget.com
URL
https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586
Domain
cqwajn.com
URL
https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=tracy&si2=garrygoon
Domain
ecrwqu.com
URL
https://ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTd9


3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| edPushSDK
function| _0x2c0e
function| _0x2f54

5 Cookies

Domain/Path | Name | Value
grooveinvestments.com/ | pll_language | en
grooveinvestments.com/ | wp-dd-muser | 1
.qzgxqt.com/ | truniq | 1
.qzgxqt.com/ | prompt | 1
.qzgxqt.com/ | ufp2 | 9e9b3516eb5838139ca8ec85ca238b21dd677d09

3 Console Messages

Source Level URL
Text
security warning URL: https://grooveinvestments.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp(Line 4)
Message:
Mixed Content: The page at 'https://grooveinvestments.com/' was loaded over HTTPS, but requested an insecure element 'http://grooveinvestments.com/wp-content/uploads/2020/09/uae-israel-flag-v2.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://grooveinvestments.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp(Line 4)
Message:
Mixed Content: The page at 'https://grooveinvestments.com/' was loaded over HTTPS, but requested an insecure element 'http://grooveinvestments.com/wp-content/uploads/2020/08/mirabela-popeci-lensblur.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://grooveinvestments.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp(Line 4)
Message:
Mixed Content: The page at 'https://grooveinvestments.com/' was loaded over HTTPS, but requested an insecure element 'http://grooveinvestments.com/wp-content/uploads/2020/07/consutant-03.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
