rossewstv.onepage.me/
34.89.236.29 301 Moved Permanently 175 B IP 34.89.236.29:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET / HTTP/1.1
Host: rossewstv.onepage.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Fri, 04 Nov 2022 02:41:08 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://rossewstv.onepage.me/
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b720c31d9c036cd2ef10e35fa29f5345
ac625d2e69284e5080bede4b37c31af62c26338b
323b76eceb5d3ad339a1c55bfa7eea4e39741258e08d5005b691f712a9e9c81c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "323B76ECEB5D3AD339A1C55BFA7EEA4E39741258E08D5005B691F712A9E9C81C"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5773
Expires: Fri, 04 Nov 2022 04:17:21 GMT
Date: Fri, 04 Nov 2022 02:41:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2740
Expires: Fri, 04 Nov 2022 03:26:48 GMT
Date: Fri, 04 Nov 2022 02:41:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1930
Cache-Control: max-age=112930
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:08 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 10:03:18 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: niJqALTdS3LkR1iRkv1RWzkZLNFYMfSxGay88P/fejIiMUEQTr/FyrNinbsxRLQGUFkyp7ukABxkWC0H+4jkoA==
x-amz-request-id: 69EH5B7TT7KEQBD0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 01:46:36 GMT
age: 3272
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 02:41:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f7501807dc8925a3597ca6a7c0396787
d6bb5231a81b03031569dad3bc6847d0cf565e82
681953875d21cd9bd093f423de190a24e995af3beb58211ef0308ad7a29ae9ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161042
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:08 GMT
Etag: "63644dd6-1d7"
Expires: Sat, 05 Nov 2022 23:25:10 GMT
Last-Modified: Thu, 03 Nov 2022 23:25:10 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 670d0b2f341e8ff1e4ee9fe4fe21e210
dcd277daebf63623b985a81a96bcdc6a6f67c518
75029ab8db44811ac539aa3e2f1f8e015a45b80cb5a1099cec7d64e55e2a72a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3722
Cache-Control: max-age=109662
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:08 GMT
Etag: "63637698-1d7"
Expires: Sat, 05 Nov 2022 09:08:50 GMT
Last-Modified: Thu, 03 Nov 2022 08:06:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9f110b50125acfd0b64d5f712f9941b0
d49421ea937df245aa6d380c146f5ac2305b762e
38598cf5e45ee08611342998f8c46d2ed6e88b97ae54d3916707bd508f7c8b61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6498
Cache-Control: max-age=111340
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:09 GMT
Etag: "6363724f-1d7"
Expires: Sat, 05 Nov 2022 09:36:49 GMT
Last-Modified: Thu, 03 Nov 2022 07:48:31 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9f110b50125acfd0b64d5f712f9941b0
d49421ea937df245aa6d380c146f5ac2305b762e
38598cf5e45ee08611342998f8c46d2ed6e88b97ae54d3916707bd508f7c8b61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 382
Cache-Control: max-age=105224
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:09 GMT
Etag: "6363724f-1d7"
Expires: Sat, 05 Nov 2022 07:54:53 GMT
Last-Modified: Thu, 03 Nov 2022 07:48:31 GMT
Server: ECS (amb/6BB9)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9f110b50125acfd0b64d5f712f9941b0
d49421ea937df245aa6d380c146f5ac2305b762e
38598cf5e45ee08611342998f8c46d2ed6e88b97ae54d3916707bd508f7c8b61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=104842
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 02:41:09 GMT
Etag: "6363724f-1d7"
Expires: Sat, 05 Nov 2022 07:48:31 GMT
Last-Modified: Thu, 03 Nov 2022 07:48:31 GMT
Server: nginx
Content-Length: 471
push.services.mozilla.com/
54.149.101.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a8ZhPlwyiX0s7LEqlKpbeQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Wpyd4Qyo8LfAg/jvTfR3KCpYcLg=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e24e6457c0b3a1675e432dbbbba05560
71ce9407ec244d1582fc0c4980083b6c001c91c0
e3152a94c5d4891e12f69c092f8a6964c49e7d6b1cceea1a8442d246df926610
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3152A94C5D4891E12F69C092F8A6964C49E7D6B1CCEEA1A8442D246DF926610"
Last-Modified: Wed, 02 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Fri, 04 Nov 2022 08:40:23 GMT
Date: Fri, 04 Nov 2022 02:41:09 GMT
Connection: keep-alive
static.onepage.io/b/client/1666176905872/modern/js/bootstrap.bundle.js
104.26.8.225 200 OK 222 kB URL HTTP/2 static.onepage.io/b/client/1666176905872/modern/js/bootstrap.bundle.js
IP 104.26.8.225:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 222 kB (221641 bytes)
Hash 4e843afb969faff2933a9ee755d0f956
ee699ba7db27953425627d1505fdaf9d374c0012
59575f6e873bdfbffc8dc4dd5cab11b00f19b55933fe2c5bf2abaabfc6ccd514
GET /b/client/1666176905872/modern/js/bootstrap.bundle.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=898055
etag: W/"3a6350835ea8b9234b119ee848de2a2d"
last-modified: Wed, 19 Oct 2022 11:00:22 GMT
x-amz-id-2: VUKw1m1hr1htTHiQkcJV9fIGOBPjxFh24pyPHjFuk3OmkcdsXw9ekMKYRJDt4oOhZtXVpgqLS5M=
x-amz-request-id: BQS6AFQ1Y827WJ4M
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1350080
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zkl8SciEZ15OGnVysPOEvDw0gg2uUkDS%2BoQNU68E8MjV1rUHIIpKVeo0puEAl79UPIV0u%2BA82DN2NdfAJ45f7L4F5D77uX7l7MMzWxPQ4TtMZrv7BUJxSJ2VuTBNPI5%2BnYPq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd2f7a951c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/react-dom/experimental/react-dom.production.min.js
104.26.8.225 200 OK 43 kB URL HTTP/2 static.onepage.io/umd/react-dom/experimental/react-dom.production.min.js
IP 104.26.8.225:0
File type ASCII text, with very long lines (732)
Hash 69f811d1017428abe3f727aa7e2a2895
0976db0dc77d37facfd70f6fe3217d46a5f743f3
9e855f04a689d467204c33325fc8620d1ef373c5316aa0ecf9767e6f7226f942
GET /umd/react-dom/experimental/react-dom.production.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/javascript
x-amz-id-2: hhGTrzIcLSj4nU+YgappD9E7nh4qEeQTNvv9zJGVsit3khNouIisOjTrY1A7wAmLkaOeuvyNiBy4Y8yWJJQouQ==
x-amz-request-id: 5SJ3EPKRSEWN3Z2F
last-modified: Mon, 21 Dec 2020 12:33:00 GMT
etag: W/"5847db660713a8c221c220cfac3c0852"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1775611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BR%2FXXLyi5i1Q47%2ByG5hqtKyREUwaNqhbXHTtql8sbInHFk7sqOuqVQhnos5pdJNV9cdjnK2SE4pORUVH2fmtnrvm%2Fy0aeRDFcCESowsJSOfbGDeYo%2BEYNQmWGGrePDClYhF2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd2f9aa41c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
feliznewstv.com/?api=1&lan=twthk&ht=2&counter0=josvip222
147.182.144.225 200 OK 512 kB URL HTTP/1.1 feliznewstv.com/?api=1&lan=twthk&ht=2&counter0=josvip222
IP 147.182.144.225:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text, with very long lines (63717), with CRLF line terminators
Size 512 kB (512271 bytes)
Hash e4a1870a45a419f901357affae3fd52a
5607c149e70abf0db6bb83502c2b31d344041dda
226a456b782b6dbc27773152722e0f875676658de58837bba64b765c983e80b2
GET /?api=1&lan=twthk&ht=2&counter0=josvip222 HTTP/1.1
Host: feliznewstv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Nov 2022 02:41:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=a4rceq748rnkh8fk89m3btrnl9; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
feliznewstv.com/location
147.182.144.225 301 Moved Permanently 241 B IP 147.182.144.225:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document, ASCII text
Hash 2d26acd39ecd1a69f0d4019746bac7da
5996b124ec05053dd8708e453f78a78f0256ffb6
08664eb7296f9bf300c88e3b1d63eb282481a8bd4e9105b4f6b7756be3316a20
Analyzer Verdict Alert fortinet Malware
GET /location HTTP/1.1
Host: feliznewstv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 04 Nov 2022 02:41:10 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 241
Connection: keep-alive
Location: https://feliznewstv.com/location/
feliznewstv.com/location/
147.182.144.225 200 OK 468 B URL HTTP/1.1 feliznewstv.com/location/
IP 147.182.144.225:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 6f1497d5364a6cfda0e81dd10d409ebf
4db66111b55d4b33203ba3a888e12ba6163cdfdf
3cf8f3dd6ae89d4970edad8007c999d712327c53c1da0998db6f32c7ad99c4e2
Analyzer Verdict Alert fortinet Malware
GET /location/ HTTP/1.1
Host: feliznewstv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Nov 2022 02:41:10 GMT
Content-Type: application/javascript
Content-Length: 468
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
widgets.amung.us/classic/00/8.png
172.67.8.141 200 OK 1.4 kB URL HTTP/2 widgets.amung.us/classic/00/8.png
IP 172.67.8.141:0
File type PNG image data, 81 x 29, 8-bit colormap, non-interlaced; data
Hash 3664423d2ad0a1545fa63d62a8551393
4d05ca47d92aebd285ee79d7433f984e8d6ec2fb
c1dc2cc26ca102520d01cf8e6e5404659d58f92c6c344b983a9cd68a983e5b72
GET /classic/00/8.png HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:10 GMT
content-type: image/png
content-length: 1431
last-modified: Sun, 13 Jun 2010 09:03:09 GMT
etag: "4c149ecd-597"
expires: Thu, 03 Nov 2022 19:55:33 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 110737
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd3848a0b51e-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6903
Expires: Fri, 04 Nov 2022 04:36:13 GMT
Date: Fri, 04 Nov 2022 02:41:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c472942cb4b85610a3e83edf7527f923
8191eb019b21bed2b9f53c755e1c24d08dc70760
0dc7f9902567b0130c1c34b6e356b8239f8e6c83e1d38ac9b74588270000279c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10810
x-amzn-requestid: 85c9096f-2671-4f0e-94a3-607254d036d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC057E5yIAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364350c-3c93b6e56e6141a63d1285eb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Rr6GO1Bb6pdxYxNFuwmG2Srs9uGM7tOTffgnyWys0zDjGCDrONRxUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "8191eb019b21bed2b9f53c755e1c24d08dc70760"
content-type: image/jpeg
age: 17290
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
104.26.9.225 200 OK 8.1 kB URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP 104.26.9.225:0
File type JSON data, ASCII text, with no line terminators
Hash d8f21a96c8ce3357bb732a8d67c902cf
0863f6d3f91a2cd13806e850e64bea88bb317de1
37bb624f75304f82f68e264030a2e471b4f6af302db033deddcf07fea7d45f51
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Content-Type: application/json
Origin: https://rossewstv.onepage.me
Content-Length: 416
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:10 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-OvDo1dDJQIj+h1en8917QUf5rEU"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://rossewstv.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KMhZqRv3S5aammprDOCR2FsFrxdXiRfsMHr0BNhw2HZIuPJzUbK82hwKUpuysy4d0l8ElY%2BEUmhBHq3KoUtKMpQMgtiCHpaqGrdnnxx1Orq30LF8MtdanS23MvIKCEe8bCZM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd379872b529-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a722edb-0fc6-4ca7-9ed5-bd6c6c645eca.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a722edb-0fc6-4ca7-9ed5-bd6c6c645eca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 1f0a34ff81072351418756b7a8860e50
37934e64176b86d8d6a18892e6afd64ea697e8de
483f6c7b06adb736ec4318d1878b1210c567c49629f30f244e6302434cab9f49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a722edb-0fc6-4ca7-9ed5-bd6c6c645eca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5383
x-amzn-requestid: b0c80d59-657e-414a-ba71-1c0e928d76f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1EJHcaIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364354d-07d7fa560ed4e3c01a12f415;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:40:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HZrl00jCOuqjCaT5yMSV8DFmusINm_sUxyTiVwEpp0JwcDDiWfj6qw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 17290
etag: "37934e64176b86d8d6a18892e6afd64ea697e8de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8d44f8-0c00-4a8a-be62-f3074a628773.webp
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8d44f8-0c00-4a8a-be62-f3074a628773.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c51fb56e3d2ff1c96ac94fa6dc04d7ff
4b6eeba25ea9eb878f06c9fdd158baa08095816a
5007b706cd8c32431ba8d023f2c85eb3d5faa29a89e52530f66a11fa6d56a487
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8d44f8-0c00-4a8a-be62-f3074a628773.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3129
x-amzn-requestid: d2f79c4c-1685-495e-add4-66db55669be5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1EeF2YoAMFzwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364354f-6957babc65b33a56575d4deb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NoRwUtjf1DSIEZ8lMSJg8UT7lUyeew3B1Fwa44BrN3Av6H4TXsdTVw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:51:52 GMT
age: 17358
etag: "4b6eeba25ea9eb878f06c9fdd158baa08095816a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f787d03ccf6f14f05b9fb00149a92f49
0d3c7535f83ced168b1efb0f849e353de31d40db
bda8d5d8dee8c1b3b9a0dd81407bc920a3a2a737dceaaebf75e8554ef1cdcec8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8016
x-amzn-requestid: 971369d4-3728-4fef-9d82-794fd184d26d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0S3FbeIAMFceg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643412-0efd014e4b25ed9c4aed13cb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZPGScUHAZtgr_egNkJ2bOzK_ftHSd0Yr1U_S7jYUelg56FCtTOC2TA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:05 GMT
age: 17285
etag: "0d3c7535f83ced168b1efb0f849e353de31d40db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bd006407a4ea0fbeec2f1351a71f30bc
d1625420cdc79643e759247b0e9ac89dadfbe956
fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A2gds6rdrlTJCrN3m05Yl3azoOYGCEaCd2OBH8qq21wHR8WgqI3CA==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 00:54:07 GMT
age: 6423
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.onepage.io/b/client/1666176905872/modern/js/main.bundle.js
104.26.8.225 200 OK 0 B URL HTTP/2 static.onepage.io/b/client/1666176905872/modern/js/main.bundle.js
IP 104.26.8.225:0
GET /b/client/1666176905872/modern/js/main.bundle.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=437579
etag: W/"51528bdd762a09555241f3253bbe5ef9"
last-modified: Wed, 19 Oct 2022 11:00:22 GMT
x-amz-id-2: 7zVQ1YkOAyC8oBeeXPhzZuRD5OXMEU/sYJkH6E35ObWWyJSCyS4Xhvo1vUeK3VA+2n7gYrWS+fg=
x-amz-request-id: BQSB0XRJ2WKHGYE2
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1350080
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeP4WV9j3CdUHgT8WdtzBcxf6ChOO%2FIr0znAY4tTWx%2BDPFQp%2BK1lZvaXDekGCxMOYwpFdJiU7yI6b80C5VxhrYjm9bcCWOCvYkDfbb92cHxLdpdyB2u39zqiwm8UIJN3pJnH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd2f7a901c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
104.26.9.225 200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP 104.26.9.225:0
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Content-Type: application/json
Origin: https://rossewstv.onepage.me
Content-Length: 416
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-+9EHgEwB284buiQmrrzvbGcGr+k"
x-envoy-upstream-service-time: 6
access-control-allow-origin: https://rossewstv.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIqMFAOV9xvjWiEUChFT1w%2FhU85wvdl61m5HDqeRkV1mUQssjLKQnCaSF%2BEm4UZi4aU2KV0TNJHUrs%2B758bUaK3I1%2B8wdmeNzKrUSdINJAGJMxQxulQm8yJtvnxySZomYeho"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd328e64b529-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/leaflet/1.3.1/leaflet.css
104.26.8.225 200 OK 0 B URL HTTP/2 static.onepage.io/umd/leaflet/1.3.1/leaflet.css
IP 104.26.8.225:0
GET /umd/leaflet/1.3.1/leaflet.css HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=10620
etag: W/"bc9d12159cd3502d4178b4d1557ccbcd"
last-modified: Thu, 20 Aug 2020 15:23:52 GMT
x-amz-id-2: WhjbCJqBHm2tb6rs4QMGfwVh5PvHFAP/vZTVDtswpPFGQIbppkePeG/+wzC9/wqooSEpO2nj2vA=
x-amz-request-id: 5SJF57XRPCPY33EK
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1775612
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypzJzwLuOyU1hGKAiTnyMsl9g343YHh2j3bzraxcIj7G4uC67UXufEjDlVQzOGAN5is3bxxe9Pdm5m52redyf02YAvmB50d%2BKJs0OLJO90oZBg1LFubJvYzOAK7fgpo7HSha"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd307ad91c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/font-storage/fonts/manrope/manrope.css
104.26.8.225 200 OK 0 B URL HTTP/2 static.onepage.io/font-storage/fonts/manrope/manrope.css
IP 104.26.8.225:0
GET /font-storage/fonts/manrope/manrope.css HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1645
etag: W/"28c1e4cbc0191c338e23805d955c08fe"
last-modified: Wed, 04 May 2022 13:35:33 GMT
x-amz-id-2: Tb/BvtLGOyZltQ3XBmM5QzKeTLe/x1TxYi2Ruf/dKMhslGzOtn6lZWyk619AxAF0nX3pdogjJaA=
x-amz-request-id: K27FJ0QJEHQ7C0ZR
cache-control: max-age=16070400
cf-cache-status: HIT
age: 100956
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyTEUezC%2BTPKXSODqU%2FTa93rejehWgiQPj3KrwASkvhy9Lolcn2bAijln0KCYqMR4O%2FayKqKWKjw9O7ftND9NjcSiTns5JsgMHWtIQixy4JWhDp%2FjkV7O3BbENJIDO4gz2Zy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd30eaff1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
whos.amung.us/widget/josvip222
172.67.8.141 307 Temporary Redirect 0 B URL HTTP/2 whos.amung.us/widget/josvip222
IP 172.67.8.141:0
GET /widget/josvip222 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Fri, 04 Nov 2022 02:41:10 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/classic/00/8.png
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7649fd37782fb51e-OSL
X-Firefox-Spdy: h2
static.onepage.io/umd/react/experimental/react.production.min.js
104.26.8.225 200 OK 0 B URL HTTP/2 static.onepage.io/umd/react/experimental/react.production.min.js
IP 104.26.8.225:0
GET /umd/react/experimental/react.production.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/javascript
x-amz-id-2: FbDSSlVwReN2mkpbvLKmiYR5QoIcKqAnwv0oVeQvDVWqOOUUmBQgaUl/LRf+7eFzPdd2nE4ghnY=
x-amz-request-id: 5SJDMX8ZGK7N46RJ
last-modified: Mon, 21 Dec 2020 12:32:15 GMT
etag: W/"eba6573728f039c397bd316647d53a46"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1775611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIdeTJmGjWc%2FwprB3M%2BVNfOtFRUm1DjtUeWXTAGukYBWO8Lo9wFbne5bfc6v%2FPS%2FwvY%2BPOXTTyKwEhNLHVI15I%2BbROIR6g%2Bpj%2BfRfI6mgHplaiwejj%2FwaC1NRGGA79VEOH31"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd2f7a8a1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
104.26.9.225 200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP 104.26.9.225:0
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Content-Type: application/json
Origin: https://rossewstv.onepage.me
Content-Length: 412
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:10 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-Ia0sU19dlRAcjXjQrBRT7jBdNVo"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://rossewstv.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQaAgs%2BcVb%2B3aRuv%2FcMGcyb9ojYVwpxur2lxg0%2Ft%2B%2Be6gtB0AA%2BJd5WnD0goxD8c%2BIoH1QzAXYpA0fHqIIyxJ7ioavqxvSRbCAFbuuDbZrss4vsbLtSwGzPGNiB2OzXpCglB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd379873b529-OSL
content-encoding: br
X-Firefox-Spdy: h2
rossewstv.onepage.me/
34.89.236.29 200 OK 0 B IP 34.89.236.29:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET / HTTP/1.1
Host: rossewstv.onepage.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Fri, 04 Nov 2022 02:41:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: Express
x-envoy-upstream-service-time: 49
x-envoy-decorator-operation: client-manager-service.default.svc.cluster.local:80/*
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
104.26.9.225 200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP 104.26.9.225:0
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rossewstv.onepage.me/
Content-Type: application/json
Origin: https://rossewstv.onepage.me
Content-Length: 412
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-Vt08RpOtU7C5H7WljTw3EUFFJlM"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://rossewstv.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dycRhERYUs9vO1YCxlbTIDuYuMY8S08Q02mJ%2FC%2BvoouhCdByYZ%2FUrpd37x8jnG87COmYoCz7%2BW9JSBXbJZTNJVIIP0UraFxPoW96T8tMXbL33EQrN51v0rBD1ZMmnabdMugs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd328e63b529-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/lazysizes/5.2.0/lazysizes.min.js
104.26.8.225 200 OK 0 B URL HTTP/2 static.onepage.io/umd/lazysizes/5.2.0/lazysizes.min.js
IP 104.26.8.225:0
GET /umd/lazysizes/5.2.0/lazysizes.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: application/javascript
x-amz-id-2: sEwM+N0b/ugSIFRTJ+s5oGa9s1lqfzFpHPtlzg51UL+5QTs4ZkRH4lFhWPEQk4szHH3JH6FfMLI=
x-amz-request-id: 5SJ2262CK0YPS13Y
last-modified: Thu, 20 Aug 2020 17:34:06 GMT
etag: W/"0812d0f17b90a4aefd97bb91085ad252"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1775612
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dG27H%2B45NfunFzImKj2WiN1NvUqn4frcGhqWzFh4CUzNraFJtUuV1RU%2BguRHZA1C7YZWQ%2BJrj0xitd0SVnzrqCkK56bFJA8ecIrDptWUj9ZupcbfIrtCdlXtBu5jjz0kZvLe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7649fd309ae71c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
app.onepage.io/favicon_16x16.png
104.26.8.225 200 OK 0 B URL HTTP/2 app.onepage.io/favicon_16x16.png
IP 104.26.8.225:0
GET /favicon_16x16.png HTTP/1.1
Host: app.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: text/plain
last-modified: Wed, 19 Oct 2022 11:04:10 GMT
etag: W/"634fd9aa-1ad"
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWouW9cegggn5h55ezf3XOUj%2BjGdYu5RdBPOdkUMjZieqqF8WT64qflaVoUN%2BD6vjEnKLz8kCkKpBC7Fgev0iPqXAnvHQXUD4YheN85N%2Fios62tQ4XAWP6BQdgDnUhA8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd339bb81c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
app.onepage.io/favicon_144x144.png
104.26.8.225 200 OK 0 B URL HTTP/2 app.onepage.io/favicon_144x144.png
IP 104.26.8.225:0
GET /favicon_144x144.png HTTP/1.1
Host: app.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rossewstv.onepage.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 04 Nov 2022 02:41:09 GMT
content-type: text/plain
last-modified: Wed, 19 Oct 2022 11:04:10 GMT
etag: W/"634fd9aa-7f0"
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XaH6AqPpyp2OYUrSSqMGTYHj9MaGkpfD3chit9dTuVJMuTKBkTam8VEeMCyQBVheik1ZIu0mC968e9GGJXmOW9WBMVzCXJGzfK0NKiCSfkniiFkEq1oJAsfn6Q3g%2F6dP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7649fd339bb71c06-OSL
content-encoding: br
X-Firefox-Spdy: h2