breakingnwz8.com/
82.180.175.123 301 Moved Permanently 707 B IP 82.180.175.123:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 05 Feb 2023 16:31:57 GMT
server: LiteSpeed
location: https://breakingnwz8.com/
platform: hostinger
content-security-policy: upgrade-insecure-requests
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5280
Expires: Sun, 05 Feb 2023 17:59:57 GMT
Date: Sun, 05 Feb 2023 16:31:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13852
Expires: Sun, 05 Feb 2023 20:22:49 GMT
Date: Sun, 05 Feb 2023 16:31:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20229
Expires: Sun, 05 Feb 2023 22:09:06 GMT
Date: Sun, 05 Feb 2023 16:31:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 15:33:56 GMT
content-type: application/json
age: 3481
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wuq3JNoU0fBiAGm5G42o1n4mx7fm/KjLtM0tMS3XWUk9Fp4qp0o7O3f0Zmza/Arpti/bHlujuqOCR3Lf7dtj+Q==
x-amz-request-id: EY20N1MQQS1SE36Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 16:24:32 GMT
age: 445
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 16:31:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 15:49:07 GMT
age: 2570
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6892
Expires: Sun, 05 Feb 2023 18:26:49 GMT
Date: Sun, 05 Feb 2023 16:31:57 GMT
Connection: keep-alive
breakingnwz8.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
82.180.175.123 200 OK 11 kB URL HTTP/2 breakingnwz8.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 82.180.175.123:0
File type ASCII text, with very long lines (47826)
Hash ba5eac37229008eef8a48bb9c12da241
95a3100a0d65a7bd0ebeba66a7ef01146cf96a24
60a4012feb8a3fb3b7f5d411ee9241e12c9ef0e5b33f249aea1b1ad103a71c0f
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: text/css
last-modified: Thu, 05 Jan 2023 01:01:03 GMT
etag: "172a9-63b6214f-bfa8ad149546e4d9;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11353
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-includes/css/classic-themes.min.css?ver=1
82.180.175.123 200 OK 217 B URL HTTP/2 breakingnwz8.com/wp-includes/css/classic-themes.min.css?ver=1
IP 82.180.175.123:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: text/css
last-modified: Thu, 05 Jan 2023 01:01:03 GMT
etag: "d9-63b6214f-8e82c3463866567;;;"
accept-ranges: bytes
content-length: 217
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/css/fonts.css
82.180.175.123 200 OK 412 B URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/css/fonts.css
IP 82.180.175.123:0
Hash da5553cc2ba89f881861227435536c8a
53cf94f9e0323ce29a32e4778a0d66e23fab3133
864d950e08267e6909eab2644efc863e57338ba747e9d09cca79bf8ef6bae2ac
GET /wp-content/themes/hitmag/css/fonts.css HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: text/css
last-modified: Mon, 22 Aug 2022 05:57:41 GMT
etag: "d5a-63031ad5-967eb33c3e8f8f41;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 412
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
82.180.175.123 200 OK 6.6 kB URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
IP 82.180.175.123:0
File type ASCII text, with very long lines (30837)
Hash b8c655d76feed5e34fcacac29f060170
41590916c5f2bbd8354d5002171bc2bc0a2c5cee
a8825f3d29353514ef7f5c8e5bcf286ae4df70e248fcedc02e4e184cc6c64650
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: text/css
last-modified: Mon, 22 Aug 2022 05:57:41 GMT
etag: "7918-63031ad5-618f929bca1683a4;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6628
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/style.css?ver=6.1.1
82.180.175.123 200 OK 12 kB URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/style.css?ver=6.1.1
IP 82.180.175.123:0
File type ASCII text, with very long lines (659)
Hash 26257934d399a497c7c9b793b89d1199
e24bb1e1a936b3433d30efdf198e598a3c58391a
123d3a72de4e2093fa7ed4e4799b26849dac48692d4a8b8cdb81a69d772fc6cb
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hitmag/style.css?ver=6.1.1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: text/css
last-modified: Mon, 22 Aug 2022 05:57:40 GMT
etag: "11130-63031ad4-42bb9b85d86232fa;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12030
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
82.180.175.123 200 OK 30 kB URL HTTP/2 breakingnwz8.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 82.180.175.123:0
File type ASCII text, with very long lines (65447)
Hash cdbbc979b5a5de31a3ac8296e0ef489e
b83000eb74956c3404fb58c87e95aed5bab2ed19
48a6489945365cddb4c75af60f1e6a8a15d6598a1596ef18eb1b4aaad33e96f3
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Thu, 05 Jan 2023 01:01:03 GMT
etag: "15e54-63b6214f-f7296108767063a0;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30075
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
82.180.175.123 200 OK 4.0 kB URL HTTP/2 breakingnwz8.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 82.180.175.123:0
File type ASCII text, with very long lines (11126)
Hash 4116c2be947ecf205a0c7fc117ca55f0
0cd8efc9fe349d67a86b49d1e5582a9b21d05add
6b1970b536b88a18b0eb4fe138e677b9736294057660676507fabee57cb0462c
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Thu, 05 Jan 2023 01:01:03 GMT
etag: "2bd8-63b6214f-79472b47b45ec1f1;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3984
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/uploads/2023/01/1668970900-640x400-1-1-1-348x215.jpg
82.180.175.123 200 OK 24 kB URL HTTP/2 breakingnwz8.com/wp-content/uploads/2023/01/1668970900-640x400-1-1-1-348x215.jpg
IP 82.180.175.123:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 348x215, components 3; data
Hash 77dfb395bf5262bdc66f2c4cf52a4437
7bf80529e033f0940e8601ea133fec13f22c7b33
737849d3d6c3ca81b5b61d5a8933711dd505902723c8286cb60e0fc5dc2bddb2
GET /wp-content/uploads/2023/01/1668970900-640x400-1-1-1-348x215.jpg HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 07:34:57 GMT
etag: "5eb6-63d8c4a1-e582d587f6a4f2f6;;;"
accept-ranges: bytes
content-length: 24246
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.190.160 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.190.160:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HoeJDIavp4YCwbaQH2HJgA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kBYc2TPh+vOk3C/V9xAHSgLirVQ=
breakingnwz8.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
82.180.175.123 200 OK 4.6 kB URL HTTP/2 breakingnwz8.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 82.180.175.123:0
File type ASCII text, with very long lines (15660)
Hash 4402e98c197d70e9bc78b1da062e658a
b1d2477c6b1dfa9283d79a0a3944098dde573f68
4e646c55a8c057d08458aed4f913f5ae713e1351aadc0bcdf947bc48fb6a73ed
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Thu, 05 Jan 2023 01:01:03 GMT
etag: "48b9-63b6214f-6de3197e0d754ce6;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4572
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215
82.180.175.123 200 OK 1.2 kB URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215
IP 82.180.175.123:0
Hash d27510f28ff46cd6c34bf3f107a1eea1
111cee0bca674720ab9f9d6f0ba736376e425d33
83f59995da26b9552feb207bb4db5b2456a8587d411568327e9d24c8bc84e5a5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hitmag/js/navigation.js?ver=20151215 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Mon, 22 Aug 2022 05:57:39 GMT
etag: "f05-63031ad3-ae8c3ab55b178051;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1186
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215
82.180.175.123 200 OK 330 B URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215
IP 82.180.175.123:0
Hash d043d1861d252a7d0f880dcabd765312
22f827de461431a02be25490f2c270614cdf7c48
a35480f80ce5023eb5585389e72dedb0878204d7d5a40d9ed75e348820ca0192
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Mon, 22 Aug 2022 05:57:39 GMT
etag: "2ab-63031ad3-db7de221ae8c26a6;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 330
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
breakingnwz8.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1
82.180.175.123 200 OK 504 B URL HTTP/2 breakingnwz8.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1
IP 82.180.175.123:0
File type ASCII text, with CRLF line terminators
Hash 62f3f2e4b4d5d73426b91844507299f6
5b7f98e876075a5849e6ad25ba92b9fefad72470
ee31e56b89ed2b637d09cdc2578204fc19f89e478d189ee48148abd0898ab9de
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/hitmag/js/scripts.js?ver=6.1.1 HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 16:31:58 GMT
content-type: application/x-javascript
last-modified: Mon, 22 Aug 2022 05:57:39 GMT
etag: "549-63031ad3-a9e834fde7900a12;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 504
date: Sun, 05 Feb 2023 16:31:58 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 53cba227a97b6edccc1a1e1b60f417fe
3cd263f0f0ebec4a15b3082f9506c6d5c975289e
cffd01187e8ae3eda0f5798217846ac1261cd6eb22ae095af61727f789662513
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFFD01187E8AE3EDA0F5798217846AC1261CD6EB22AE095AF61727F789662513"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11978
Expires: Sun, 05 Feb 2023 19:51:36 GMT
Date: Sun, 05 Feb 2023 16:31:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 28c3f02ba8cac75c2f1945e7be499cae
82390270ea7ee981db3fae587295029f335726da
ce1f772f6bd3cdd88e6f161731958d8bce7e3c019c9e618d0ed37560b79b0a4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2047
Cache-Control: max-age=125472
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:58 GMT
Etag: "63df191f-118"
Expires: Tue, 07 Feb 2023 03:23:10 GMT
Last-Modified: Sun, 05 Feb 2023 02:49:03 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 28c3f02ba8cac75c2f1945e7be499cae
82390270ea7ee981db3fae587295029f335726da
ce1f772f6bd3cdd88e6f161731958d8bce7e3c019c9e618d0ed37560b79b0a4c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2047
Cache-Control: max-age=125472
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:58 GMT
Etag: "63df191f-118"
Expires: Tue, 07 Feb 2023 03:23:10 GMT
Last-Modified: Sun, 05 Feb 2023 02:49:03 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
142.250.74.106 200 OK 1.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
IP 142.250.74.106:0
Hash 847b282d633581950a821f37ff07bcf0
22d6e0998cd0cd40e768c8b63fe5f503b26caac5
f15a733fe7efe4aec8b696afbff04568d7f898f1396c0235a5bbe69aa300700f
GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 16:31:58 GMT
date: Sun, 05 Feb 2023 16:31:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pl18264885.highcpmrevenuenetwork.com/23e77ac007b9ac36c1a7aea9064eacdb/invoke.js
173.233.137.52 200 OK 9.3 kB URL HTTP/1.1 pl18264885.highcpmrevenuenetwork.com/23e77ac007b9ac36c1a7aea9064eacdb/invoke.js
IP 173.233.137.52:0
File type Unicode text, UTF-8 text, with very long lines (25098), with no line terminators
Hash f5c320cac452b7747159000f027bcdbb
2449029b6ecc4cfc19423ba8933fb6bc2840033a
33cd41e87099904c3d5d36913cdbe2ab785db336bed0bece250a0876f4fca47f
Analyzer Verdict Alert quad9 Sinkholed
GET /23e77ac007b9ac36c1a7aea9064eacdb/invoke.js HTTP/1.1
Host: pl18264885.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 16:31:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5f821f781542f4b7cd14ebf83614b87e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
breakingnwz8.com/
82.180.175.123 200 OK 31 kB IP 82.180.175.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 246cbd977b040aacd1a0b04dd684237a
dc1b62dfff233400907d1c5b0d15023a65bd8243
73940c63290413ee159139fab3f99a5a3952e16b8b92046f37342df9f5a4e2b2
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: breakingnwz8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
link: <https://breakingnwz8.com/index.php?rest_route=/>; rel="https://api.w.org/"
etag: "464950-1675150560;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 16:31:57 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5023
Expires: Sun, 05 Feb 2023 17:55:41 GMT
Date: Sun, 05 Feb 2023 16:31:58 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 2b9fa7773944abe31f5a0d2c89fcf83f
dd497be3ec7fff255da6600a2d92c45d0f4b9a50
68342c1715a25165c46c7832671ce7d31cc3afeda203b110c999875bb79ba116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 16:31:58 GMT
Last-Modified: Sun, 05 Feb 2023 14:50:33 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: xDdcOAeOUcz4ntHwb5YaISwbGzc9b9uimjEZ8Op4MDr4CXOnG5sFKA==
Age: 6085
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 2b9fa7773944abe31f5a0d2c89fcf83f
dd497be3ec7fff255da6600a2d92c45d0f4b9a50
68342c1715a25165c46c7832671ce7d31cc3afeda203b110c999875bb79ba116
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=165397
Date: Sun, 05 Feb 2023 16:31:58 GMT
Etag: "63dfaf99-1d7"
Expires: Tue, 07 Feb 2023 14:28:35 GMT
Last-Modified: Sun, 05 Feb 2023 13:31:05 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EyvkUNi7FupdHWaToGLJHsyU7J71IpPJwsAx1eYB-7yuvTCPZoSdMA==
Age: 3450
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 9203d0f685faa3636a5ab344ccc11ecc
a706458dac739a5ea21f66bc5d19b06c893a2942
de6dd06a65b5bda1523d1be9c54201220849061cb6f76baf73c299271f3812e6
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://breakingnwz8.com
access-control-allow-credentials: true
set-cookie: uid_id2=bc4a9d15-450b-4309-bbba-37233fb3fabd:1:1; expires=Wed, 02 Feb 2033 16:31:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash cdefe060393eab664fdfec4c512a58cc
62b368aa74e326c0585f3c00bbc82bca843a3fee
60f5e90fef5c5e14441255a46c220372f4f6a23268b1c33196d15fa8e7fd33c9
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://breakingnwz8.com
access-control-allow-credentials: true
set-cookie: uid_id2=6269f639-1d29-4485-8978-3fde32f1cdef:3:1; expires=Wed, 02 Feb 2033 16:31:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bfea74a6190e45e6b339a9ed62e59fd1
52a5787e4375d9012a8653c14cd5c66d68909ffb
f1251329302001bd0d2de99dfe1100887ff6a7b69de4ad2b9a2a718efe6c91d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F1251329302001BD0D2DE99DFE1100887FF6A7B69DE4AD2B9A2A718EFE6C91D1"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5022
Expires: Sun, 05 Feb 2023 17:55:41 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 05 Feb 2023 15:44:08 GMT
expires: Sun, 05 Feb 2023 17:44:08 GMT
cache-control: public, max-age=7200
age: 2871
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j99&a=1052954131&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=288x150&je=0&_u=IEBAAEABAAAAACAAI~&jid=1120958719&gjid=1853338840&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_r=1&_slc=1&z=749119686
142.250.74.110 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1052954131&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=288x150&je=0&_u=IEBAAEABAAAAACAAI~&jid=1120958719&gjid=1853338840&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_r=1&_slc=1&z=749119686
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j99&a=1052954131&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=288x150&je=0&_u=IEBAAEABAAAAACAAI~&jid=1120958719&gjid=1853338840&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_r=1&_slc=1&z=749119686 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://breakingnwz8.com
date: Sun, 05 Feb 2023 16:31:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1525354453&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=&je=0&_u=AACAAEABAAAAACAAI~&jid=&gjid=&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_slc=1&z=385875541
142.250.74.110 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1525354453&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=&je=0&_u=AACAAEABAAAAACAAI~&jid=&gjid=&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_slc=1&z=385875541
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=1525354453&t=pageview&_s=1&dl=https%3A%2F%2Fbreakingnwz8.com%2F%25E2%2580%259Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FsKIIpAJysWk%25E2%2580%259D&ul=en-us&de=UTF-8&dt=Oops%2C%20something%20lost&sd=24-bit&sr=1280x1024&vp=&je=0&_u=AACAAEABAAAAACAAI~&jid=&gjid=&cid=784201589.1675614760&tid=UA-26575989-46&_gid=2021940770.1675614760&_slc=1&z=385875541 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://breakingnwz8.com
date: Sun, 05 Feb 2023 16:31:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d0d220f09fd4e551c580aba5585dd4e
253600178ddd512448c0ef2235c6af183b635efc
8a377369950c02383870aa83fe870bd93fcf5bc5d75ad1e081f743fe6ea0f913
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8A377369950C02383870AA83FE870BD93FCF5BC5D75AD1E081F743FE6EA0F913"
Last-Modified: Fri, 03 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4694
Expires: Sun, 05 Feb 2023 17:50:13 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&gjid=1853338840&_gid=2021940770.1675614760&_u=IEBAAEAAAAAAACAAI~&z=685622541
64.233.165.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&gjid=1853338840&_gid=2021940770.1675614760&_u=IEBAAEAAAAAAACAAI~&z=685622541
IP 64.233.165.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&gjid=1853338840&_gid=2021940770.1675614760&_u=IEBAAEAAAAAAACAAI~&z=685622541 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://breakingnwz8.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 05 Feb 2023 16:31:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 040d512b73ad828b2dd7409c0c9dab49
a7b7256940377241abd22db537a864ec6348bf90
6e7f979d255eba736072b159be75a5865fd307781806c412ea66bb0f80e38aa6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8422
Expires: Sun, 05 Feb 2023 18:52:21 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8422
Expires: Sun, 05 Feb 2023 18:52:21 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8422
Expires: Sun, 05 Feb 2023 18:52:21 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 16:31:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-26575989-46&cid=784201589.1675614760&jid=1120958719&_u=IEBAAEAAAAAAACAAI~&z=398853212 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 16:31:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 67233
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 66374
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 46140
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 66121
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3825d7eb-9bf8-4ff1-ac96-196cbf5c1873.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3825d7eb-9bf8-4ff1-ac96-196cbf5c1873.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93ef9da6520124f03883a2b5241e0623
41b557bb05e1769c124aa0195c398e2dbd1fc0e9
dd6a1589ae40fb69c60f1675ea49a6a1a00d43e29d1a18f0d30b7c4e9bceee5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3825d7eb-9bf8-4ff1-ac96-196cbf5c1873.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11198
x-amzn-requestid: f21313a6-3ca8-4c58-981c-a1700769719c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKUGu6IAMFsww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-1d60cc337f91692e436f2990;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DDUhCZQq-ZcClUUIfE1SlG5JisHCxScF2b3LjJd0KjvcB6E-RBhL9A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 15:02:59 GMT
age: 5340
etag: "41b557bb05e1769c124aa0195c398e2dbd1fc0e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 18478
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 9d7d54937b70d60ca299d07980bc1e1e
42ee245e31b6c480419253d420a75159e107cc65
fd8c0e9b7ce1332347da031c471053f5acaab963f5aafd0e29bb94b90bcf9293
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:31:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aeeefd2d41311d21e58a79216388b8ec
61b6224aed9721be9b600640073c26f91fe2566b
70abf72a66f3491630ee6d380cd655a33489aa411b1bac80319190f31d2a6295
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "70ABF72A66F3491630EE6D380CD655A33489AA411B1BAC80319190F31D2A6295"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16204
Expires: Sun, 05 Feb 2023 21:02:03 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
permissioncornshrine.com/ntv.json?key=23e77ac007b9ac36c1a7aea9064eacdb&vstc=4
192.243.59.12 200 OK 23 kB URL HTTP/1.1 permissioncornshrine.com/ntv.json?key=23e77ac007b9ac36c1a7aea9064eacdb&vstc=4
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (23345), with no line terminators
Hash a0b255c5458af5a71152c2b9135f3986
a0a50c5a61eb0bb290a63004d30bff54c174b3a7
5085781fb58961f2658b5a97e4d9dbcc86041eddc0ae37723aa2b1e7e99ce3e2
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=23e77ac007b9ac36c1a7aea9064eacdb&vstc=4 HTTP/1.1
Host: permissioncornshrine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:31:59 GMT
Content-Type: application/json
Content-Length: 23374
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://breakingnwz8.com
Access-Control-Allow-Origin: https://breakingnwz8.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18164386; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
pdhtkv49=true; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
uncs49=1; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
nlec23e77ac007b9ac36c1a7aea9064eacdb=[3262618,3262616]; expires=Sun, 05 Feb 2023 16:32:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a123d3771f9cef268f586625ba5e56c
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5f4f9de46d151bfa44759fb27891ca86
32093efd72880b7e95e674d7c2d9b5dd0e758995
4f1843ca112bd8dd3628e3fbd599b5952459b695f6ba8b97d320b54c1bb86150
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F1843CA112BD8DD3628E3FBD599B5952459B695F6BA8B97D320B54C1BB86150"
Last-Modified: Sun, 05 Feb 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15723
Expires: Sun, 05 Feb 2023 20:54:02 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 32f2303686dd97bd505c717191db295e
ec7f36c2f8416458cac98eee989c51c7f880c747
8f093240519e2239d7c63c9236cb862fe2483d9f641c2beb99287b71d69c789e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F093240519E2239D7C63C9236CB862FE2483D9F641C2BEB99287B71D69C789E"
Last-Modified: Sun, 05 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5334
Expires: Sun, 05 Feb 2023 18:00:53 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJSYGE1hRErjINcoERfwMSHQLtZqWFK83cc9%2B5xTn33i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgacZCJcftsNoOqo1aNWw2MLD%2FrV3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGbwEj6yGKj%2BbdMK4k5P4FmPho7gCmfzB1AKZK4v0SgsVHc5lg%2FcPnSpmGjMHES8j7E0g9gaITcHMXSjwjABfYvIm493DT2JzuPmfplC1J5c8%2FoPKSVH69hLj3aE2rgX%2Fb6CxVJnYYRAXUYALVmSDJTpAOPaj8BDz9HEoQxL0CShQz10pNoKIJtByBOg%2FZ9FMesshDlnjoiTOfNttRELQiFtXrKw3Oeb3OeXNlWTRFvbESBcj4VNYIaTIC1yNwu4fE7qGrRrDZj3A7BZzw4NKSeB%2FuoS8K5JIgdwQ5JcgVQZ4S5P3iUGhXc8VDoV3GwnmuzXO9GJu0s08PTdqRMdlPzskr03l4r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YWR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cnx9A8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPiSk8viNdeoPGQsUdR75bU0JIu24sl%2BSHDbct2VbmdtYyG2fJja131zd6iZXOKRNPQNWz7mfgqiQv9MvZNV7%2B8nsoO4HNCvSyUzIPKHMCnuzBJQv1zhBYvehhiYc8K8a2xhaPWhFouagpK%2BD%2BVbMF3nf30LEV0PTu7Ab7tkBfF6B6BJe9OE4Te7r69OtpPADTlTHTtnLAtNVfzUZbkrdXH0%2FR%2FZIsVStw6syXzSiIZFCTLGqzqEUD0Y4abUbboWyxJg2RupL%2Fdvb3PwAAAP%2F%2FAQAA%2F%2F%2BfgGGCdAQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJSYGE1hRErjINcoERfwMSHQLtZqWFK83cc9%2B5xTn33i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgacZCJcftsNoOqo1aNWw2MLD%2FrV3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGbwEj6yGKj%2BbdMK4k5P4FmPho7gCmfzB1AKZK4v0SgsVHc5lg%2FcPnSpmGjMHES8j7E0g9gaITcHMXSjwjABfYvIm493DT2JzuPmfplC1J5c8%2FoPKSVH69hLj3aE2rgX%2Fb6CxVJnYYRAXUYALVmSDJTpAOPaj8BDz9HEoQxL0CShQz10pNoKIJtByBOg%2FZ9FMesshDlnjoiTOfNttRELQiFtXrKw3Oeb3OeXNlWTRFvbESBcj4VNYIaTIC1yNwu4fE7qGrRrDZj3A7BZzw4NKSeB%2FuoS8K5JIgdwQ5JcgVQZ4S5P3iUGhXc8VDoV3GwnmuzXO9GJu0s08PTdqRMdlPzskr03l4r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YWR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cnx9A8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPiSk8viNdeoPGQsUdR75bU0JIu24sl%2BSHDbct2VbmdtYyG2fJja131zd6iZXOKRNPQNWz7mfgqiQv9MvZNV7%2B8nsoO4HNCvSyUzIPKHMCnuzBJQv1zhBYvehhiYc8K8a2xhaPWhFouagpK%2BD%2BVbMF3nf30LEV0PTu7Ab7tkBfF6B6BJe9OE4Te7r69OtpPADTlTHTtnLAtNVfzUZbkrdXH0%2FR%2FZIsVStw6syXzSiIZFCTLGqzqEUD0Y4abUbboWyxJg2RupL%2Fdvb3PwAAAP%2F%2FAQAA%2F%2F%2BfgGGCdAQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJSYGE1hRErjINcoERfwMSHQLtZqWFK83cc9%2B5xTn33i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgacZCJcftsNoOqo1aNWw2MLD%2FrV3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGbwEj6yGKj%2BbdMK4k5P4FmPho7gCmfzB1AKZK4v0SgsVHc5lg%2FcPnSpmGjMHES8j7E0g9gaITcHMXSjwjABfYvIm493DT2JzuPmfplC1J5c8%2FoPKSVH69hLj3aE2rgX%2Fb6CxVJnYYRAXUYALVmSDJTpAOPaj8BDz9HEoQxL0CShQz10pNoKIJtByBOg%2FZ9FMesshDlnjoiTOfNttRELQiFtXrKw3Oeb3OeXNlWTRFvbESBcj4VNYIaTIC1yNwu4fE7qGrRrDZj3A7BZzw4NKSeB%2FuoS8K5JIgdwQ5JcgVQZ4S5P3iUGhXc8VDoV3GwnmuzXO9GJu0s08PTdqRMdlPzskr03l4r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YWR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cnx9A8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPiSk8viNdeoPGQsUdR75bU0JIu24sl%2BSHDbct2VbmdtYyG2fJja131zd6iZXOKRNPQNWz7mfgqiQv9MvZNV7%2B8nsoO4HNCvSyUzIPKHMCnuzBJQv1zhBYvehhiYc8K8a2xhaPWhFouagpK%2BD%2BVbMF3nf30LEV0PTu7Ab7tkBfF6B6BJe9OE4Te7r69OtpPADTlTHTtnLAtNVfzUZbkrdXH0%2FR%2FZIsVStw6syXzSiIZFCTLGqzqEUD0Y4abUbboWyxJg2RupL%2Fdvb3PwAAAP%2F%2FAQAA%2F%2F%2BfgGGCdAQAAA%3D%3D HTTP/1.1
Host: permissioncornshrine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18164386; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:31:59 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 13cc29e39e198f525437dff54769717f
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98f0950ed03ec36f411e972a9c167b2a
f5da8f3faa05536769ce459ed3028a1f0bec4fb0
9db298b3908012b0310ffc50ae948424d0ec38a8f1f9b6ae09c36a64f596e91b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9DB298B3908012B0310FFC50AE948424D0EC38A8F1F9B6AE09C36A64F596E91B"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2929
Expires: Sun, 05 Feb 2023 17:20:48 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98f0950ed03ec36f411e972a9c167b2a
f5da8f3faa05536769ce459ed3028a1f0bec4fb0
9db298b3908012b0310ffc50ae948424d0ec38a8f1f9b6ae09c36a64f596e91b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9DB298B3908012B0310FFC50AE948424D0EC38A8F1F9B6AE09C36A64F596E91B"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2929
Expires: Sun, 05 Feb 2023 17:20:48 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 98f0950ed03ec36f411e972a9c167b2a
f5da8f3faa05536769ce459ed3028a1f0bec4fb0
9db298b3908012b0310ffc50ae948424d0ec38a8f1f9b6ae09c36a64f596e91b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9DB298B3908012B0310FFC50AE948424D0EC38A8F1F9B6AE09C36A64F596E91B"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2929
Expires: Sun, 05 Feb 2023 17:20:48 GMT
Date: Sun, 05 Feb 2023 16:31:59 GMT
Connection: keep-alive
gecpbt.com/.cdn/3a8241/6512bd/8716577075384ec0b2f8f13a21b2708a/d0b63766f5fa1a54.jpeg
217.67.179.205 200 OK 28 kB URL HTTP/2 gecpbt.com/.cdn/3a8241/6512bd/8716577075384ec0b2f8f13a21b2708a/d0b63766f5fa1a54.jpeg
IP 217.67.179.205:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 250x250, components 3\012- data
Hash 98d7676dc1256718ea0415f9bb341649
e89b2a94a0818e46b98605d99c0f55b4cc89e70c
fcd61508ce497d47c124faedc6635ee0d887425ef8c5bfc6ee7bd667d45ae296
GET /.cdn/3a8241/6512bd/8716577075384ec0b2f8f13a21b2708a/d0b63766f5fa1a54.jpeg HTTP/1.1
Host: gecpbt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: image/jpeg
content-length: 27691
last-modified: Thu, 17 Nov 2022 17:29:03 GMT
etag: "63766f5f-6c2b"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/d9/9c/40/d99c40e1c422b99f0f3dbf72a2110fc8/1646332401.jpg
45.133.44.9 200 OK 32 kB URL HTTP/2 cdn.cloudimagesb.com/si/d9/9c/40/d99c40e1c422b99f0f3dbf72a2110fc8/1646332401.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash ea53222bc6d98d3f7b975e4cc11ced5f
117f8485c07e3b47d84d8a32af9138d218a329d1
ea04845576344a213018dbff710422f681b2f17b6aa2a34eff6041698100bca6
GET /si/d9/9c/40/d99c40e1c422b99f0f3dbf72a2110fc8/1646332401.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: image/jpeg
content-length: 32219
server: nginx/1.17.6
last-modified: Thu, 03 Mar 2022 18:33:28 GMT
etag: "622109f8-7ddb"
expires: Tue, 07 Feb 2023 16:31:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
solitudearbitrary.com/sbar.json?key=8104dca4b35566a00c940655df365051&uuid=bc4a9d15-450b-4309-bbba-37233fb3fabd%3A1%3A1
173.233.137.60 200 OK 3.5 kB URL HTTP/1.1 solitudearbitrary.com/sbar.json?key=8104dca4b35566a00c940655df365051&uuid=bc4a9d15-450b-4309-bbba-37233fb3fabd%3A1%3A1
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (6056), with no line terminators
Hash b2f3228c363a241d121bac6890aa64d1
ce5c66c4263696b8154b2b7de02fec0686f99ecd
578a5a28755ab9b15f7d3dafa5f082f32240ff612a9c7da1fb3d1c593c271f8b
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=8104dca4b35566a00c940655df365051&uuid=bc4a9d15-450b-4309-bbba-37233fb3fabd%3A1%3A1 HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 16:31:59 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://breakingnwz8.com
Access-Control-Allow-Origin: https://breakingnwz8.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=18161256; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
uid_id2=bc4a9d15-450b-4309-bbba-37233fb3fabd:1:1; expires=Sun, 12 Feb 2023 16:31:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
pdhtkv29=true; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
uncs29=1; expires=Mon, 06 Feb 2023 16:31:59 GMT; secure; SameSite=None
slec8104dca4b35566a00c940655df365051=[3078195]; expires=Sun, 05 Feb 2023 16:32:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97afcf5e7e99e4764c94f3936888b86d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJRYWE1hRErjINcoERfwMSHQLtZqWFK83ce9%2B5xTnn3i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgaYZCJcftsNoOqo1aNWw2MLD%2F7V3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGb1FG1kMUH82nYVxJyP0LMPHRXAFM%2F2CqAEyVxPslBIuP5jTB%2BofPmTINGYOJl5D3J5B6AkUn4OYulHhGAC6weRNx7%2BGmsTndfY7SKVqSyp9%2FQOUlqfx6CXHv0ZpWA%2F%2B20VmqTOwwiAqowQSqM0GSnSAdelD5CXj6OZQgiHsFlChmqpWaQEUTaDkCdR6y6ac8ZJGHLPHQE2c%2BbbajIGhFLKrXVxqc83qd8%2BbKsmiKemMlCpDxKa0R0mQErkfgdg%2BJ3UNXjWCzH%2BF2CjjhwaUl8T7cQ18UyCVB7ghySpArgjwlyPvFodCu5oqHQruMhfNcm%2Bd6MTZpZ58emrQjY7KfnJNXpn54r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YSR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cn%2B9D8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPgWl5fEe69AaNhYo7jny3poSQdt1YLskPG25bsq3M7axlNs6SG1vvrm%2F0EiudUyaegKpn3c%2FAVUle6Jeza7z85fdQdgKbFehlp2QeUOYEPNmDSxbsnSGwejHDkovIs2Jsa2zxqBWBlouesgLuXz1b1PvuHjq2Aprend1g3xbo6wJUj%2BCyF8dpYk9Xn349jQdgujJm2lYOmLb6q6m1D0ry9urjmcklWapW4NSZL5tREMmgJlnUZlGLBqIdNdqMtkPZYk0aInUl%2F%2B3s738AAAD%2F%2FwEAAP%2F%2FMQJKBXQEAAA%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJRYWE1hRErjINcoERfwMSHQLtZqWFK83ce9%2B5xTnn3i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgaYZCJcftsNoOqo1aNWw2MLD%2F7V3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGb1FG1kMUH82nYVxJyP0LMPHRXAFM%2F2CqAEyVxPslBIuP5jTB%2BofPmTINGYOJl5D3J5B6AkUn4OYulHhGAC6weRNx7%2BGmsTndfY7SKVqSyp9%2FQOUlqfx6CXHv0ZpWA%2F%2B20VmqTOwwiAqowQSqM0GSnSAdelD5CXj6OZQgiHsFlChmqpWaQEUTaDkCdR6y6ac8ZJGHLPHQE2c%2BbbajIGhFLKrXVxqc83qd8%2BbKsmiKemMlCpDxKa0R0mQErkfgdg%2BJ3UNXjWCzH%2BF2CjjhwaUl8T7cQ18UyCVB7ghySpArgjwlyPvFodCu5oqHQruMhfNcm%2Bd6MTZpZ58emrQjY7KfnJNXpn54r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YSR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cn%2B9D8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPgWl5fEe69AaNhYo7jny3poSQdt1YLskPG25bsq3M7axlNs6SG1vvrm%2F0EiudUyaegKpn3c%2FAVUle6Jeza7z85fdQdgKbFehlp2QeUOYEPNmDSxbsnSGwejHDkovIs2Jsa2zxqBWBlouesgLuXz1b1PvuHjq2Aprend1g3xbo6wJUj%2BCyF8dpYk9Xn349jQdgujJm2lYOmLb6q6m1D0ry9urjmcklWapW4NSZL5tREMmgJlnUZlGLBqIdNdqMtkPZYk0aInUl%2F%2B3s738AAAD%2F%2FwEAAP%2F%2FMQJKBXQEAAA%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSvW8c1Rd9k%2BzvJwQ0oFCkm5IgtJ7ZD6%2BXIFmY4MgiOCYJcv2%2BZv3Yt%2FOG92Z21ktjiIQiqi0oQqrxWTsWYEVJRYWE1hRErjINcoERfwMSHQLtZqWFK83ce9%2B5xTnn3i%2F2s3MSIKNnWx%2BYodKaLjWrgf%2F6toqFyZ2%2FeccPg2pw1d9W8XLjqj%2BY%2Fmz%2FrTBoVoMr%2FnXJu2apFoRBEAahv66sjMxgaYZCJcftsNoOqo1aNWw2MLD%2F7V3mwVEPon9OXoUS5f92nj6B4hPEvcfXpOumJnnzvV6maWos%2BuLoo7gbmzxGb1FG1kMUH82nYVxJyP0LMPHRXAFM%2F2CqAEyVxPslBIuP5jTB%2BofPmTINGYOJl5D3J5B6AkUn4OYulHhGAC6weRNx7%2BGmsTndfY7SKVqSyp9%2FQOUlqfx6CXHv0ZpWA%2F%2B20VmqTOwwiAqowQSqM0GSnSAdelD5CXj6OZQgiHsFlChmqpWaQEUTaDkCdR6y6ac8ZJGHLPHQE2c%2BbbajIGhFLKrXVxqc83qd8%2BbKsmiKemMlCpDxKa0R0mQErkfgdg%2BJ3UNXjWCzH%2BF2CjjhwaUl8T7cQ18UyCVB7ghySpArgjwlyPvFodCu5oqHQruMhfNcm%2Bd6MTZpZ58emrQjY7KfnJNXpn54r70BdOWZX6vLVovyIGixNuX1ZR7SFpW0HSw3JOWCwakCyl2YSR2qkvh%2F5UhUSf5%2F5WUwegKnT8DVRdAsBM3HrVoAujNurAQYxsexzF2j%2BUlS5aYHYQokaQXprrevz8nl2V7Cn%2B9D8tPVdPj79UeXPgW3BRJb4GP1E0FH3xvfMjk5uGVyR57cTFLVU0M63dntlKby4rfvy93cWLFxzY2%2BeYdPgWl5fEe69AaNhYo7jny3poSQdt1YLskPG25bsq3M7axlNs6SG1vvrm%2F0EiudUyaegKpn3c%2FAVUle6Jeza7z85fdQdgKbFehlp2QeUOYEPNmDSxbsnSGwejHDkovIs2Jsa2zxqBWBlouesgLuXz1b1PvuHjq2Aprend1g3xbo6wJUj%2BCyF8dpYk9Xn349jQdgujJm2lYOmLb6q6m1D0ry9urjmcklWapW4NSZL5tREMmgJlnUZlGLBqIdNdqMtkPZYk0aInUl%2F%2B3s738AAAD%2F%2FwEAAP%2F%2FMQJKBXQEAAA%3D HTTP/1.1
Host: permissioncornshrine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18164386; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:31:59 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 25fbbbf5088b279895dc09b599e29903
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/si/94/30/16/943016812427f40c3bcdfc6fc12e85e8/1646332388.jpg
45.133.44.9 200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/si/94/30/16/943016812427f40c3bcdfc6fc12e85e8/1646332388.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash ab0a111cdb0802728adcf708dcf882ad
242030cc8137d11ee6a939a6e119aa21c420b1e9
775967ffcce6d9f00fca07a1ed0099f42dc6bb00f2ec0ce69fb3a24344cebe89
GET /si/94/30/16/943016812427f40c3bcdfc6fc12e85e8/1646332388.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: image/jpeg
content-length: 24911
server: nginx/1.17.6
last-modified: Thu, 03 Mar 2022 18:33:15 GMT
etag: "622109eb-614f"
expires: Tue, 07 Feb 2023 16:31:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png
45.133.44.9 200 OK 108 kB URL HTTP/2 cdn.cloudimagesb.com/si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced\012- data
Size 108 kB (108061 bytes)
Hash f25a89906f49b309b04a788657e63775
fafed8a699a3942ca5d277b5f329e1e2377d3747
05d3612dca9ad5a805bd967d52285f06a4e8f028a3e94f4cef6031b985b9796d
GET /si/14/d6/f0/14d6f0079ffda60cd9961f9c32e1cb1b/1674209884.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:59 GMT
content-type: image/png
content-length: 108061
server: nginx/1.17.6
last-modified: Fri, 20 Jan 2023 10:18:12 GMT
etag: "63ca6a64-1a61d"
expires: Tue, 07 Feb 2023 16:31:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
solitudearbitrary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuu3t3fz4OyoCiioPTBgwtmtnq6e5JxD2JcI8E1G3ZXcq5%2FPSnT09VWdU9PcgouyB7Hm8fOM8kGNYj7AUSZeFly2vEgczB%2BBUEUL6LMZGTwhar3z1MFz%2Fu876cH5TmhKNlk8wOzp9OUXY8b1H99S2fSVM7fuOcHtEFv%2BFs6a0U3%2FP70sr03Axo36DX%2FPSV2zPUmDSgNaOCvaasS078%2BQ6Hzk3bQaNNG1GwEcYS%2B%2FW%2FuSg%2BOeZC9c%2FIctBz%2Fb%2FvxI2gxQtb95qZyO4XJ33i3W6asMBY9efxhtpOZKkN3ESbWQ5Idz1%2FDuDEhn1%2BCyY7nHcD0DqcdgOsx8X4KwLPjOU3w3tEFU55CZeDyaVS9EVQ6gmYjCHMfWj4hgJDYuI2s%2B3DD2IrtXqBsio7JlT9%2Bg67G5MrPzyPrfr2a6r5%2F16RloU3m0E9q6P4IujNCXp6i2POgq1OI4hNoSZB1a2g5eY2LiLVlEC9FMeVLUUjbS5xzthQuN8Mw4WHCuJxJo%2FUIOhkhVQMw56GcHu2hTDyUuYeunPgsbieULic8CcOVSAgRhkLEKy0ZyzBaSShKMeU%2BQJEPINIBhN1Hbvexowew5fdw2zWc9OAKgp6sUSmCyhFUjKDSBFVBUPXqI5m6pqsfytSVPJj75tyH9dAUnQN2ZIqOyshBfk6enQrmvfDqNnbUxF8JaCQFi3gYx60Wo1S0I9qKY5mErZjGAZyuod2lWZt7ekz8vyrkekz%2Bf%2B0ZcHYKl55C6Mtg5Stg1XC5ScG2h9EKxV52kqnKRfHHeUOYLqSpkRdXUOx6B%2Bk5eWk2uMafIZQ4I3ODsDVyW%2BMj%2FQNBJ30wvGMqcnjHVI48up0Xuqv32HSodwtWKO%2FL99VuZaxcv%2BkGX7wtpsA0PLmnXHGLZVJnHUe%2BWtVSKrtmrFDk23W3pfhm6bZXS5uV%2Ba3Nd9bWu7lVzmmTjcD0k6tXIfSYPPX499m6vnj%2BMrQdwZY1uuWCqTanEPk%2BXL6oOUNg00XOcw9VWQ9tky%2BKqSZI1SJnvIZTZ9%2F9%2Bu%2BnRXzgHqBjPbDi%2FmxJe7ZGL63B0gFceXlY5PbsrR%2FDmYGn3pCn1jvkqU0%2Fu5DW6Ymv4oQmijYVT9o8WWZUtpOozVk7UMs8ZgEKNxa%2FTP7%2BBwAA%2F%2F8BAAD%2F%2FyN7YLGGBAAA
173.233.137.60200 OK 7 B URL HTTP/1.1 solitudearbitrary.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuu3t3fz4OyoCiioPTBgwtmtnq6e5JxD2JcI8E1G3ZXcq5%2FPSnT09VWdU9PcgouyB7Hm8fOM8kGNYj7AUSZeFly2vEgczB%2BBUEUL6LMZGTwhar3z1MFz%2Fu876cH5TmhKNlk8wOzp9OUXY8b1H99S2fSVM7fuOcHtEFv%2BFs6a0U3%2FP70sr03Axo36DX%2FPSV2zPUmDSgNaOCvaasS078%2BQ6Hzk3bQaNNG1GwEcYS%2B%2FW%2FuSg%2BOeZC9c%2FIctBz%2Fb%2FvxI2gxQtb95qZyO4XJ33i3W6asMBY9efxhtpOZKkN3ESbWQ5Idz1%2FDuDEhn1%2BCyY7nHcD0DqcdgOsx8X4KwLPjOU3w3tEFU55CZeDyaVS9EVQ6gmYjCHMfWj4hgJDYuI2s%2B3DD2IrtXqBsio7JlT9%2Bg67G5MrPzyPrfr2a6r5%2F16RloU3m0E9q6P4IujNCXp6i2POgq1OI4hNoSZB1a2g5eY2LiLVlEC9FMeVLUUjbS5xzthQuN8Mw4WHCuJxJo%2FUIOhkhVQMw56GcHu2hTDyUuYeunPgsbieULic8CcOVSAgRhkLEKy0ZyzBaSShKMeU%2BQJEPINIBhN1Hbvexowew5fdw2zWc9OAKgp6sUSmCyhFUjKDSBFVBUPXqI5m6pqsfytSVPJj75tyH9dAUnQN2ZIqOyshBfk6enQrmvfDqNnbUxF8JaCQFi3gYx60Wo1S0I9qKY5mErZjGAZyuod2lWZt7ekz8vyrkekz%2Bf%2B0ZcHYKl55C6Mtg5Stg1XC5ScG2h9EKxV52kqnKRfHHeUOYLqSpkRdXUOx6B%2Bk5eWk2uMafIZQ4I3ODsDVyW%2BMj%2FQNBJ30wvGMqcnjHVI48up0Xuqv32HSodwtWKO%2FL99VuZaxcv%2BkGX7wtpsA0PLmnXHGLZVJnHUe%2BWtVSKrtmrFDk23W3pfhm6bZXS5uV%2Ba3Nd9bWu7lVzmmTjcD0k6tXIfSYPPX499m6vnj%2BMrQdwZY1uuWCqTanEPk%2BXL6oOUNg00XOcw9VWQ9tky%2BKqSZI1SJnvIZTZ9%2F9%2Bu%2BnRXzgHqBjPbDi%2FmxJe7ZGL63B0gFceXlY5PbsrR%2FDmYGn3pCn1jvkqU0%2Fu5DW6Ymv4oQmijYVT9o8WWZUtpOozVk7UMs8ZgEKNxa%2FTP7%2BBwAA%2F%2F8BAAD%2F%2FyN7YLGGBAAA
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2skxRuu3t3fz4OyoCiioPTBgwtmtnq6e5JxD2JcI8E1G3ZXcq5%2FPSnT09VWdU9PcgouyB7Hm8fOM8kGNYj7AUSZeFly2vEgczB%2BBUEUL6LMZGTwhar3z1MFz%2Fu876cH5TmhKNlk8wOzp9OUXY8b1H99S2fSVM7fuOcHtEFv%2BFs6a0U3%2FP70sr03Axo36DX%2FPSV2zPUmDSgNaOCvaasS078%2BQ6Hzk3bQaNNG1GwEcYS%2B%2FW%2FuSg%2BOeZC9c%2FIctBz%2Fb%2FvxI2gxQtb95qZyO4XJ33i3W6asMBY9efxhtpOZKkN3ESbWQ5Idz1%2FDuDEhn1%2BCyY7nHcD0DqcdgOsx8X4KwLPjOU3w3tEFU55CZeDyaVS9EVQ6gmYjCHMfWj4hgJDYuI2s%2B3DD2IrtXqBsio7JlT9%2Bg67G5MrPzyPrfr2a6r5%2F16RloU3m0E9q6P4IujNCXp6i2POgq1OI4hNoSZB1a2g5eY2LiLVlEC9FMeVLUUjbS5xzthQuN8Mw4WHCuJxJo%2FUIOhkhVQMw56GcHu2hTDyUuYeunPgsbieULic8CcOVSAgRhkLEKy0ZyzBaSShKMeU%2BQJEPINIBhN1Hbvexowew5fdw2zWc9OAKgp6sUSmCyhFUjKDSBFVBUPXqI5m6pqsfytSVPJj75tyH9dAUnQN2ZIqOyshBfk6enQrmvfDqNnbUxF8JaCQFi3gYx60Wo1S0I9qKY5mErZjGAZyuod2lWZt7ekz8vyrkekz%2Bf%2B0ZcHYKl55C6Mtg5Stg1XC5ScG2h9EKxV52kqnKRfHHeUOYLqSpkRdXUOx6B%2Bk5eWk2uMafIZQ4I3ODsDVyW%2BMj%2FQNBJ30wvGMqcnjHVI48up0Xuqv32HSodwtWKO%2FL99VuZaxcv%2BkGX7wtpsA0PLmnXHGLZVJnHUe%2BWtVSKrtmrFDk23W3pfhm6bZXS5uV%2Ba3Nd9bWu7lVzmmTjcD0k6tXIfSYPPX499m6vnj%2BMrQdwZY1uuWCqTanEPk%2BXL6oOUNg00XOcw9VWQ9tky%2BKqSZI1SJnvIZTZ9%2F9%2Bu%2BnRXzgHqBjPbDi%2FmxJe7ZGL63B0gFceXlY5PbsrR%2FDmYGn3pCn1jvkqU0%2Fu5DW6Ymv4oQmijYVT9o8WWZUtpOozVk7UMs8ZgEKNxa%2FTP7%2BBwAA%2F%2F8BAAD%2F%2FyN7YLGGBAAA HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18161256; uid_id2=bc4a9d15-450b-4309-bbba-37233fb3fabd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 501ddd1dad1e351c9fc9db14cd9619d2
Strict-Transport-Security: max-age=0; includeSubdomains
permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeDQdFQEKgUEC1JUHovHs%2FPh9BMpjgyCI4JglyPTszex48u7PM7N6ej8YiEkp5BUVItf7OjgVYUdLQIdCZgsgSEisk5AIjSjqkSHQBtOeTLJ60%2B96b7xXve9%2F32U52Qjxk9HjtfT2UStG5dt1zX12XMde5dVdvur5X9y656zKeb11yB9XP9N%2FwvXbdu%2BheEWxTzzU83%2FN8z3eXpRGhHsxNUcjkoOvXu1691aj77RYG5v%2B9zRxY6oD3T8iLkLx8euPRQ0g2QRw9uCzsZqqT19%2BNMkVTbdDn%2Bx%2FGm7HOY0RnZWgchPH%2BbBraloTcOQcd788YQPd3KwYIZEmcX30E8f5sTQT9vdNNAwURI%2BDPIu9PINQEkk7A9C1I%2FjMBGMfqNcTRvVVtcrp1itIKLUnt78eQeUlqv11AHN1fUnLg3tAqS6WOLQZhATmYQPYmSLJDpEMHMj8ESz%2BF5ARxVEDyYspayglkOIESI1DrIKs%2B6SALHWSJg4gfu7TdDT2vEwZhs7nQYow1m4y1F%2BZ5mzdbC6GHjFVrjZAmIzA1AjPbSMw2NuUIJvsedqOA5Q5sWhLng230eYFcEOSWIKcEuSTIU4K8X%2BxxZRu2uMeVzQJ%2Flhuz3CzGOu3t0D2d9kRMdpIT8kJ1D%2Bel14BNcew2mqLToczzOkGXsuY882mHCtr15luCMh7AygLSnptSHcqSuE9yJLIkz1x8DgE9hFWHYPIp0MwHzcedhge6MW4teBjGB7HIbav9cVJnOgLXBZK0hnTL2VEn5OWpLm8uPoBgR289%2F%2BfglyePvwEzBRJT4CP5A0FP3R5f1znZva5zSx5eS1IZySGtNLuR0lTUvnpPbOXa8JXLdvTl26wCqvLgprDpVRpzGfcs%2BXpJci7MsjZMkG9X7LoI1jK7sZSZOEuurr2zvBIlRlgrdTwBrfxXCSJLcv6fV6Z%2BdKOfIM0EJisQZUdkFpB6ApZswyZHi%2Bnwjyv3L3wCqwmMOpsJknPIs2JsGsHZo5IESpz1NChgxdkRAnH03V%2Bn2I69jZ6pgaa3pi7smwJ9VYCqEWx2fpwm5mjx0RdV3EWgauNAmdpuoIz6vCT%2Bj3enF66qOyWZq9dg5bEr2qEXCq8hgrAbhB3q8W7Y6ga064tO0KY%2BUluy34%2F%2F%2FQ8AAP%2F%2FAQAA%2F%2F%2FJcpiJdgQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeDQdFQEKgUEC1JUHovHs%2FPh9BMpjgyCI4JglyPTszex48u7PM7N6ej8YiEkp5BUVItf7OjgVYUdLQIdCZgsgSEisk5AIjSjqkSHQBtOeTLJ60%2B96b7xXve9%2F32U52Qjxk9HjtfT2UStG5dt1zX12XMde5dVdvur5X9y656zKeb11yB9XP9N%2FwvXbdu%2BheEWxTzzU83%2FN8z3eXpRGhHsxNUcjkoOvXu1691aj77RYG5v%2B9zRxY6oD3T8iLkLx8euPRQ0g2QRw9uCzsZqqT19%2BNMkVTbdDn%2Bx%2FGm7HOY0RnZWgchPH%2BbBraloTcOQcd788YQPd3KwYIZEmcX30E8f5sTQT9vdNNAwURI%2BDPIu9PINQEkk7A9C1I%2FjMBGMfqNcTRvVVtcrp1itIKLUnt78eQeUlqv11AHN1fUnLg3tAqS6WOLQZhATmYQPYmSLJDpEMHMj8ESz%2BF5ARxVEDyYspayglkOIESI1DrIKs%2B6SALHWSJg4gfu7TdDT2vEwZhs7nQYow1m4y1F%2BZ5mzdbC6GHjFVrjZAmIzA1AjPbSMw2NuUIJvsedqOA5Q5sWhLng230eYFcEOSWIKcEuSTIU4K8X%2BxxZRu2uMeVzQJ%2Flhuz3CzGOu3t0D2d9kRMdpIT8kJ1D%2Bel14BNcew2mqLToczzOkGXsuY882mHCtr15luCMh7AygLSnptSHcqSuE9yJLIkz1x8DgE9hFWHYPIp0MwHzcedhge6MW4teBjGB7HIbav9cVJnOgLXBZK0hnTL2VEn5OWpLm8uPoBgR289%2F%2BfglyePvwEzBRJT4CP5A0FP3R5f1znZva5zSx5eS1IZySGtNLuR0lTUvnpPbOXa8JXLdvTl26wCqvLgprDpVRpzGfcs%2BXpJci7MsjZMkG9X7LoI1jK7sZSZOEuurr2zvBIlRlgrdTwBrfxXCSJLcv6fV6Z%2BdKOfIM0EJisQZUdkFpB6ApZswyZHi%2Bnwjyv3L3wCqwmMOpsJknPIs2JsGsHZo5IESpz1NChgxdkRAnH03V%2Bn2I69jZ6pgaa3pi7smwJ9VYCqEWx2fpwm5mjx0RdV3EWgauNAmdpuoIz6vCT%2Bj3enF66qOyWZq9dg5bEr2qEXCq8hgrAbhB3q8W7Y6ga064tO0KY%2BUluy34%2F%2F%2FQ8AAP%2F%2FAQAA%2F%2F%2FJcpiJdgQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSPWwcRRSeDQdFQEKgUEC1JUHovHs%2FPh9BMpjgyCI4JglyPTszex48u7PM7N6ej8YiEkp5BUVItf7OjgVYUdLQIdCZgsgSEisk5AIjSjqkSHQBtOeTLJ60%2B96b7xXve9%2F32U52Qjxk9HjtfT2UStG5dt1zX12XMde5dVdvur5X9y656zKeb11yB9XP9N%2FwvXbdu%2BheEWxTzzU83%2FN8z3eXpRGhHsxNUcjkoOvXu1691aj77RYG5v%2B9zRxY6oD3T8iLkLx8euPRQ0g2QRw9uCzsZqqT19%2BNMkVTbdDn%2Bx%2FGm7HOY0RnZWgchPH%2BbBraloTcOQcd788YQPd3KwYIZEmcX30E8f5sTQT9vdNNAwURI%2BDPIu9PINQEkk7A9C1I%2FjMBGMfqNcTRvVVtcrp1itIKLUnt78eQeUlqv11AHN1fUnLg3tAqS6WOLQZhATmYQPYmSLJDpEMHMj8ESz%2BF5ARxVEDyYspayglkOIESI1DrIKs%2B6SALHWSJg4gfu7TdDT2vEwZhs7nQYow1m4y1F%2BZ5mzdbC6GHjFVrjZAmIzA1AjPbSMw2NuUIJvsedqOA5Q5sWhLng230eYFcEOSWIKcEuSTIU4K8X%2BxxZRu2uMeVzQJ%2Flhuz3CzGOu3t0D2d9kRMdpIT8kJ1D%2Bel14BNcew2mqLToczzOkGXsuY882mHCtr15luCMh7AygLSnptSHcqSuE9yJLIkz1x8DgE9hFWHYPIp0MwHzcedhge6MW4teBjGB7HIbav9cVJnOgLXBZK0hnTL2VEn5OWpLm8uPoBgR289%2F%2BfglyePvwEzBRJT4CP5A0FP3R5f1znZva5zSx5eS1IZySGtNLuR0lTUvnpPbOXa8JXLdvTl26wCqvLgprDpVRpzGfcs%2BXpJci7MsjZMkG9X7LoI1jK7sZSZOEuurr2zvBIlRlgrdTwBrfxXCSJLcv6fV6Z%2BdKOfIM0EJisQZUdkFpB6ApZswyZHi%2Bnwjyv3L3wCqwmMOpsJknPIs2JsGsHZo5IESpz1NChgxdkRAnH03V%2Bn2I69jZ6pgaa3pi7smwJ9VYCqEWx2fpwm5mjx0RdV3EWgauNAmdpuoIz6vCT%2Bj3enF66qOyWZq9dg5bEr2qEXCq8hgrAbhB3q8W7Y6ga064tO0KY%2BUluy34%2F%2F%2FQ8AAP%2F%2FAQAA%2F%2F%2FJcpiJdgQAAA%3D%3D HTTP/1.1
Host: permissioncornshrine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18164386; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5673cb705d21ba5416caaf80719cf909
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fc2e5e3dacb5f1694d1a313e41dfeff
a2b4b4257d0b674a067709e7fb363aaefb49b527
9bbe470357f73baef6b70ea5c067c0f513822d705a2b7b1c5c5b3711b90dfd11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BBE470357F73BAEF6B70EA5C067C0F513822D705A2B7B1C5C5B3711B90DFD11"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12172
Expires: Sun, 05 Feb 2023 19:54:52 GMT
Date: Sun, 05 Feb 2023 16:32:00 GMT
Connection: keep-alive
permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6%2FjVhn3bS8g8ViAQIhd1Isqirj32rGdxC3VkDjOy0mcd5wsiI6P7eQkfh8%2FkpRKfUioC5AuiEXpKnNu2xFQ0FQgMYK2oDssqGZBbjbVVGIQO3YgIZUFQqDcDprOjj%2BAz7LP7%2FPvSP5%2BPr%2Bj8337enSPokkE7rYa7hpZFjjlT%2BjUV4bI0d0Ep5q9FEOf0E%2BlhsjJcE%2BllvtHED%2FJ0PwJ%2FUSqbMCFe5qmGZpmaCZVQoFhusvTK5Yg7w2BORHoEy59wvAcWQYP5zg6IBgcED2%2BR32OIH33sdm7bxIEL4hj3ywaeBG63tckO7JA6AYk1m%2F0nYXjJg6xH0AzOCCmc%2BP%2BbOLiHUW9%2FAhxnRv3FRA3fnWvgGhoRx28xxDNuXG%2FTKLFr31YqWYRwyGa%2FimSxBfEsC4IAhcEui8SpF9ShECdNBXi2K833SABqw9ZsGd31OEHfyco2VGHf%2Fw8ceyfFSy0THVdKwqR62CyNDcELS8Iml4QL7pNwvUBQcltAsMXCNIp4tgbgvTNlWqELggyL4hlnBGAD0i0v9EBicwDEnkHxNbvpgAvmDSdNTWTZXMchJBlIeRzGZ3XWS5n0iSC%2B7LOSOidEWidERg8R7zgObJAZySIfkvwbEOwfkBwuKMO2s%2BRWN%2BQxKBIgimSAIokiCJJSJEk3rymWziNN6%2FrFo405v6Yvj%2Bym3M3nF4Hr7nh1HCo69496rP7%2F3Hwha8SsjDuptKskc0CSNNZTQCQzUAGZIEBBDrDGQDqGsFoQxB%2B5ErqGu2o1L8S4qEd9fEnPk00cJtg6zaB6FECIoaA5DybpgmYnXM5mqydNxwjwRzveyfQtYnubogXHpJwdXDdukd96WpdTk8OiQHvXHvme%2F%2F4zF8%2B%2BAOBwYZ4wYbM0e8oMrVeOu%2B4CfVqx00w9abihchGa7Bfs24IQoP6sWysEjfQq0V89qM83BN7%2BEbPwGEdODpyppj6SQHpuhGU3AAa1NtVPDS0VoRnhShwIq%2FeEktV2wsMjJHrXBCAdhT1578SiHbUJ94DV3784j9VgoLbJIjef%2BRbszD08JOnp1MDelq4F3Yac6dsluPpU2ghuLg2fXoxlGVuVff9NLJHYq2eh5jrTVddfr2SVr1yfmrApNRR1B6qzCJRyGs2WmU1LyzFVsdoZUaeXRmphUGrXJvkSo066zTkKgrScj3rRIZj8HQjnZstsw6wFd63YMMYDel2YW7l4pkxs7honBt2ZTVRgmrR5RBqO6xm4llQZLmJnm7KmUF%2FTS%2BYYCVNfL%2FQiXtD1Fut4cjRXE5d9Npa2VOKZnYMZCa7FnOTKNsrqFG6EVRlvu9ZZVzvHidxmC8HghwpEmuPii1%2BKIVC0Q%2F7PUMf0MOMEreqPVZfNENjXElkvsnUqk1d6vaw6C0VBYpVEWc4kyuNhOaIG2FQlisBfYxbfh%2BySjOYj2s5KHHTwOqok6A2iscIVZz1ZCwWYzZkp77q2CEuwjTtd0cLHcmt9RpiO3ab5U4g1kStXPPD0GhlJzFTVNSc1TvmhsdSNg%2F19kzqirXhVFqquV4%2FN4qLjhT2JoVBtTieg3VDKfETCzcVpjEQ%2FOpqxjtrxDqjYDpbj48NA4y7BVzj7QLWGk3RqWBTa%2Br%2B0mtIOb4cpRdR3nUTOZfDsoklU%2FTpSFoUtFqQUZeo3VEqwnzcx14dQtrSspJwXPBLelV3kGV6PZPTl5VImaeLAIS9OmtBB1tWJEVo0M3NRWJHd679jboKgtwLAr0X3zw6aindXiEvypN%2Bp949Onr%2F0W8%2B9l%2BX6otAi%2FDDLnWiwJpA1zFRYP%2FfrP%2BjWRfzqC0OJnlt1uXWYbhelbEay7wnxFEeH
lcHpmI7DXVUn3LVtr8y66rBxmJ9usrZ0%2FW8Do5RGuebXU%2Bdutp62AmSslRN5tOWoHYKNTjLDDqDvB3XF1pLrchCF6rA0ods%2F7jMd9vY8YtNcZKAeUEfoYZoRqNMwvLlRFNa6WFhsOJiNaL5CW7Lw9WgwTBSd6bNgvWsvpq1j1XGHfM%2B45d8uJxYdtsPysIYTIfxCAzCeqUnV0oFtRiFk65bWRUXVp9L5Dme2l7d7c%2FFxngdy7gNC54MS9JQaQy4WFK6cj8c8D16SPd0t%2BNyXDAAlQanzDOC3gFCLxTwUmXVCap6jbxQYtr5HI6lWhjE81zSaS1g4bg9ao%2FietxicE%2BWpxk9dkpmpgOKIjaSiswkzHF7zXTHShIu4ETN4krZNtV83vdHtYkYSsjnlKGfLg1rsRKOtIrguqtWuGjpreM05IRqUp95YFG2cpVygR4ZY04e6HPfBcFyWirjZqhVpKipihK77AgS6E%2BmjwPv6S8%2Fk%2B%2BLvarSnLQ6VVF69nEAP%2FJO7Hc6UlMcPfvYT4%2BOqo18Wdrvt6Oju4OHDoMTqDunLMilOeY0wzNpTT%2FNZZkMn83SWZ7NcQaktbSZMxkWpBktnaVz4FSntQybzWRM3gQM4LmTuWdMbx4d9aq9ujQp15VCfv%2Bhb2y%2Fn9pev7o2qe0vtzdTl9%2B9fGF7K3X5%2FPbt7a3tW9tfbW%2Bltm9t39n%2BfPvrPfzN9p3L57c3t7%2FY3rp84fI7BHt3qPtBsEuRwHqQa94hSaLNeZDWHhzHFqKIZTyYBLQNwR%2FJtQf4On6JTINDAsIXr%2FqlONiQ2NoQYJ0RHH3yPPSCO9fe%2FeE%2BXiGadXiuWcHhq5oVWD%2FYUczvX9lRX792c49e%2FrArwOhuyuBN2jTotKGZgmZmAa0LJidoQGCMrMYDhoR4B%2F9099%2F%2FAQAA%2F%2F8BAAD%2F%2Fyi%2FGBUgCwAA
192.243.59.12200 OK 7 B URL HTTP/1.1 permissioncornshrine.com/ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6%2FjVhn3bS8g8ViAQIhd1Isqirj32rGdxC3VkDjOy0mcd5wsiI6P7eQkfh8%2FkpRKfUioC5AuiEXpKnNu2xFQ0FQgMYK2oDssqGZBbjbVVGIQO3YgIZUFQqDcDprOjj%2BAz7LP7%2FPvSP5%2BPr%2Bj8337enSPokkE7rYa7hpZFjjlT%2BjUV4bI0d0Ep5q9FEOf0E%2BlhsjJcE%2BllvtHED%2FJ0PwJ%2FUSqbMCFe5qmGZpmaCZVQoFhusvTK5Yg7w2BORHoEy59wvAcWQYP5zg6IBgcED2%2BR32OIH33sdm7bxIEL4hj3ywaeBG63tckO7JA6AYk1m%2F0nYXjJg6xH0AzOCCmc%2BP%2BbOLiHUW9%2FAhxnRv3FRA3fnWvgGhoRx28xxDNuXG%2FTKLFr31YqWYRwyGa%2FimSxBfEsC4IAhcEui8SpF9ShECdNBXi2K833SABqw9ZsGd31OEHfyco2VGHf%2Fw8ceyfFSy0THVdKwqR62CyNDcELS8Iml4QL7pNwvUBQcltAsMXCNIp4tgbgvTNlWqELggyL4hlnBGAD0i0v9EBicwDEnkHxNbvpgAvmDSdNTWTZXMchJBlIeRzGZ3XWS5n0iSC%2B7LOSOidEWidERg8R7zgObJAZySIfkvwbEOwfkBwuKMO2s%2BRWN%2BQxKBIgimSAIokiCJJSJEk3rymWziNN6%2FrFo405v6Yvj%2Bym3M3nF4Hr7nh1HCo69496rP7%2F3Hwha8SsjDuptKskc0CSNNZTQCQzUAGZIEBBDrDGQDqGsFoQxB%2B5ErqGu2o1L8S4qEd9fEnPk00cJtg6zaB6FECIoaA5DybpgmYnXM5mqydNxwjwRzveyfQtYnubogXHpJwdXDdukd96WpdTk8OiQHvXHvme%2F%2F4zF8%2B%2BAOBwYZ4wYbM0e8oMrVeOu%2B4CfVqx00w9abihchGa7Bfs24IQoP6sWysEjfQq0V89qM83BN7%2BEbPwGEdODpyppj6SQHpuhGU3AAa1NtVPDS0VoRnhShwIq%2FeEktV2wsMjJHrXBCAdhT1578SiHbUJ94DV3784j9VgoLbJIjef%2BRbszD08JOnp1MDelq4F3Yac6dsluPpU2ghuLg2fXoxlGVuVff9NLJHYq2eh5jrTVddfr2SVr1yfmrApNRR1B6qzCJRyGs2WmU1LyzFVsdoZUaeXRmphUGrXJvkSo066zTkKgrScj3rRIZj8HQjnZstsw6wFd63YMMYDel2YW7l4pkxs7honBt2ZTVRgmrR5RBqO6xm4llQZLmJnm7KmUF%2FTS%2BYYCVNfL%2FQiXtD1Fut4cjRXE5d9Npa2VOKZnYMZCa7FnOTKNsrqFG6EVRlvu9ZZVzvHidxmC8HghwpEmuPii1%2BKIVC0Q%2F7PUMf0MOMEreqPVZfNENjXElkvsnUqk1d6vaw6C0VBYpVEWc4kyuNhOaIG2FQlisBfYxbfh%2BySjOYj2s5KHHTwOqok6A2iscIVZz1ZCwWYzZkp77q2CEuwjTtd0cLHcmt9RpiO3ab5U4g1kStXPPD0GhlJzFTVNSc1TvmhsdSNg%2F19kzqirXhVFqquV4%2FN4qLjhT2JoVBtTieg3VDKfETCzcVpjEQ%2FOpqxjtrxDqjYDpbj48NA4y7BVzj7QLWGk3RqWBTa%2Br%2B0mtIOb4cpRdR3nUTOZfDsoklU%2FTpSFoUtFqQUZeo3VEqwnzcx14dQtrSspJwXPBLelV3kGV6PZPTl5VImaeLAIS9OmtBB1tWJEVo0M3NRWJHd679jboKgtwLAr0X3zw6aindXiEvypN%2Bp949Onr%2F0W8%2B9l%2BX6otAi%2FDDLnWiwJpA1zFRYP%2FfrP
%2BjWRfzqC0OJnlt1uXWYbhelbEay7wnxFEeHlcHpmI7DXVUn3LVtr8y66rBxmJ9usrZ0%2FW8Do5RGuebXU%2Bdutp62AmSslRN5tOWoHYKNTjLDDqDvB3XF1pLrchCF6rA0ods%2F7jMd9vY8YtNcZKAeUEfoYZoRqNMwvLlRFNa6WFhsOJiNaL5CW7Lw9WgwTBSd6bNgvWsvpq1j1XGHfM%2B45d8uJxYdtsPysIYTIfxCAzCeqUnV0oFtRiFk65bWRUXVp9L5Dme2l7d7c%2FFxngdy7gNC54MS9JQaQy4WFK6cj8c8D16SPd0t%2BNyXDAAlQanzDOC3gFCLxTwUmXVCap6jbxQYtr5HI6lWhjE81zSaS1g4bg9ao%2FietxicE%2BWpxk9dkpmpgOKIjaSiswkzHF7zXTHShIu4ETN4krZNtV83vdHtYkYSsjnlKGfLg1rsRKOtIrguqtWuGjpreM05IRqUp95YFG2cpVygR4ZY04e6HPfBcFyWirjZqhVpKipihK77AgS6E%2BmjwPv6S8%2Fk%2B%2BLvarSnLQ6VVF69nEAP%2FJO7Hc6UlMcPfvYT4%2BOqo18Wdrvt6Oju4OHDoMTqDunLMilOeY0wzNpTT%2FNZZkMn83SWZ7NcQaktbSZMxkWpBktnaVz4FSntQybzWRM3gQM4LmTuWdMbx4d9aq9ujQp15VCfv%2Bhb2y%2Fn9pev7o2qe0vtzdTl9%2B9fGF7K3X5%2FPbt7a3tW9tfbW%2Bltm9t39n%2BfPvrPfzN9p3L57c3t7%2FY3rp84fI7BHt3qPtBsEuRwHqQa94hSaLNeZDWHhzHFqKIZTyYBLQNwR%2FJtQf4On6JTINDAsIXr%2FqlONiQ2NoQYJ0RHH3yPPSCO9fe%2FeE%2BXiGadXiuWcHhq5oVWD%2FYUczvX9lRX792c49e%2FrArwOhuyuBN2jTotKGZgmZmAa0LJidoQGCMrMYDhoR4B%2F9099%2F%2FAQAA%2F%2F8BAAD%2F%2Fyi%2FGBUgCwAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F%2BxWy6%2FjVhn3bS8g8ViAQIhd1Isqirj32rGdxC3VkDjOy0mcd5wsiI6P7eQkfh8%2FkpRKfUioC5AuiEXpKnNu2xFQ0FQgMYK2oDssqGZBbjbVVGIQO3YgIZUFQqDcDprOjj%2BAz7LP7%2FPvSP5%2BPr%2Bj8337enSPokkE7rYa7hpZFjjlT%2BjUV4bI0d0Ep5q9FEOf0E%2BlhsjJcE%2BllvtHED%2FJ0PwJ%2FUSqbMCFe5qmGZpmaCZVQoFhusvTK5Yg7w2BORHoEy59wvAcWQYP5zg6IBgcED2%2BR32OIH33sdm7bxIEL4hj3ywaeBG63tckO7JA6AYk1m%2F0nYXjJg6xH0AzOCCmc%2BP%2BbOLiHUW9%2FAhxnRv3FRA3fnWvgGhoRx28xxDNuXG%2FTKLFr31YqWYRwyGa%2FimSxBfEsC4IAhcEui8SpF9ShECdNBXi2K833SABqw9ZsGd31OEHfyco2VGHf%2Fw8ceyfFSy0THVdKwqR62CyNDcELS8Iml4QL7pNwvUBQcltAsMXCNIp4tgbgvTNlWqELggyL4hlnBGAD0i0v9EBicwDEnkHxNbvpgAvmDSdNTWTZXMchJBlIeRzGZ3XWS5n0iSC%2B7LOSOidEWidERg8R7zgObJAZySIfkvwbEOwfkBwuKMO2s%2BRWN%2BQxKBIgimSAIokiCJJSJEk3rymWziNN6%2FrFo405v6Yvj%2Bym3M3nF4Hr7nh1HCo69496rP7%2F3Hwha8SsjDuptKskc0CSNNZTQCQzUAGZIEBBDrDGQDqGsFoQxB%2B5ErqGu2o1L8S4qEd9fEnPk00cJtg6zaB6FECIoaA5DybpgmYnXM5mqydNxwjwRzveyfQtYnubogXHpJwdXDdukd96WpdTk8OiQHvXHvme%2F%2F4zF8%2B%2BAOBwYZ4wYbM0e8oMrVeOu%2B4CfVqx00w9abihchGa7Bfs24IQoP6sWysEjfQq0V89qM83BN7%2BEbPwGEdODpyppj6SQHpuhGU3AAa1NtVPDS0VoRnhShwIq%2FeEktV2wsMjJHrXBCAdhT1578SiHbUJ94DV3784j9VgoLbJIjef%2BRbszD08JOnp1MDelq4F3Yac6dsluPpU2ghuLg2fXoxlGVuVff9NLJHYq2eh5jrTVddfr2SVr1yfmrApNRR1B6qzCJRyGs2WmU1LyzFVsdoZUaeXRmphUGrXJvkSo066zTkKgrScj3rRIZj8HQjnZstsw6wFd63YMMYDel2YW7l4pkxs7honBt2ZTVRgmrR5RBqO6xm4llQZLmJnm7KmUF%2FTS%2BYYCVNfL%2FQiXtD1Fut4cjRXE5d9Npa2VOKZnYMZCa7FnOTKNsrqFG6EVRlvu9ZZVzvHidxmC8HghwpEmuPii1%2BKIVC0Q%2F7PUMf0MOMEreqPVZfNENjXElkvsnUqk1d6vaw6C0VBYpVEWc4kyuNhOaIG2FQlisBfYxbfh%2BySjOYj2s5KHHTwOqok6A2iscIVZz1ZCwWYzZkp77q2CEuwjTtd0cLHcmt9RpiO3ab5U4g1kStXPPD0GhlJzFTVNSc1TvmhsdSNg%2F19kzqirXhVFqquV4%2FN4qLjhT2JoVBtTieg3VDKfETCzcVpjEQ%2FOpqxjtrxDqjYDpbj48NA4y7BVzj7QLWGk3RqWBTa%2Br%2B0mtIOb4cpRdR3nUTOZfDsoklU%2FTpSFoUtFqQUZeo3VEqwnzcx14dQtrSspJwXPBLelV3kGV6PZPTl5VImaeLAIS9OmtBB1tWJEVo0M3NRWJHd679jboKgtwLAr0X3zw6aindXiEvypN%2Bp949Onr%2F0W8%2B9l%2BX6otAi%2FDDLnWiwJpA1zFRYP%2FfrP%2BjWRfzqC0OJnlt1uXWYbhelbEay7wnxFEeHlcHpmI7DXVUn3LVtr8y6
6rBxmJ9usrZ0%2FW8Do5RGuebXU%2Bdutp62AmSslRN5tOWoHYKNTjLDDqDvB3XF1pLrchCF6rA0ods%2F7jMd9vY8YtNcZKAeUEfoYZoRqNMwvLlRFNa6WFhsOJiNaL5CW7Lw9WgwTBSd6bNgvWsvpq1j1XGHfM%2B45d8uJxYdtsPysIYTIfxCAzCeqUnV0oFtRiFk65bWRUXVp9L5Dme2l7d7c%2FFxngdy7gNC54MS9JQaQy4WFK6cj8c8D16SPd0t%2BNyXDAAlQanzDOC3gFCLxTwUmXVCap6jbxQYtr5HI6lWhjE81zSaS1g4bg9ao%2FietxicE%2BWpxk9dkpmpgOKIjaSiswkzHF7zXTHShIu4ETN4krZNtV83vdHtYkYSsjnlKGfLg1rsRKOtIrguqtWuGjpreM05IRqUp95YFG2cpVygR4ZY04e6HPfBcFyWirjZqhVpKipihK77AgS6E%2BmjwPv6S8%2Fk%2B%2BLvarSnLQ6VVF69nEAP%2FJO7Hc6UlMcPfvYT4%2BOqo18Wdrvt6Oju4OHDoMTqDunLMilOeY0wzNpTT%2FNZZkMn83SWZ7NcQaktbSZMxkWpBktnaVz4FSntQybzWRM3gQM4LmTuWdMbx4d9aq9ujQp15VCfv%2Bhb2y%2Fn9pev7o2qe0vtzdTl9%2B9fGF7K3X5%2FPbt7a3tW9tfbW%2Bltm9t39n%2BfPvrPfzN9p3L57c3t7%2FY3rp84fI7BHt3qPtBsEuRwHqQa94hSaLNeZDWHhzHFqKIZTyYBLQNwR%2FJtQf4On6JTINDAsIXr%2FqlONiQ2NoQYJ0RHH3yPPSCO9fe%2FeE%2BXiGadXiuWcHhq5oVWD%2FYUczvX9lRX792c49e%2FrArwOhuyuBN2jTotKGZgmZmAa0LJidoQGCMrMYDhoR4B%2F9099%2F%2FAQAA%2F%2F8BAAD%2F%2Fyi%2FGBUgCwAA HTTP/1.1
Host: permissioncornshrine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18164386; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4f0fdf6f55b0caff49aed7a3c8f3886
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15885
Expires: Sun, 05 Feb 2023 20:56:45 GMT
Date: Sun, 05 Feb 2023 16:32:00 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15885
Expires: Sun, 05 Feb 2023 20:56:45 GMT
Date: Sun, 05 Feb 2023 16:32:00 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12462
Expires: Sun, 05 Feb 2023 19:59:42 GMT
Date: Sun, 05 Feb 2023 16:32:00 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg
172.64.167.9 200 OK 65 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg
IP 172.64.167.9:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=242, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=364], progressive, precision 8, 364x242, components 3\012- data
Hash 61f7b1fa1698507638df7882e2bdfcaf
89134af9a734f4c30d0db01ea36c86895e46b7e3
bc0a583f7e3c834e53d5263ecc90d279b27460ea2e9bce56b7ac6b129eb5849c
GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:32:00 GMT
content-type: image/jpeg
content-length: 64642
last-modified: Thu, 12 Aug 2021 09:52:54 GMT
etag: "6114ef76-fc82"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7094456
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fbcy5krDQlPnpG7OSJqwEUnS0Vbi%2B3qXtJUbrB2edJIdHblQNX2cIPh6rPpDNhCgCGjzy6kqULLr7H8XCC7cZXwz2Z48j0F6t69WXUdKwwsLpBKPyUfKGhbkTqFFidQT%2BGbbHYiRtIj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794d0a21cda688b6-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6775371ad58895526c9af87544fe77b2
7228a426342d14d53bc3a9d247c88115201f3f74
a014aaebcdbb4beabf4ec663c1c2837735c1d78da37a2af01eec068d597938aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A014AAEBCDBB4BEABF4EC663C1C2837735C1D78DA37A2AF01EEC068D597938AA"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15885
Expires: Sun, 05 Feb 2023 20:56:45 GMT
Date: Sun, 05 Feb 2023 16:32:00 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=6269f639-1d29-4485-8978-3fde32f1cdef&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=8104dca4b35566a00c940655df365051&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=6269f639-1d29-4485-8978-3fde32f1cdef&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=8104dca4b35566a00c940655df365051&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=6269f639-1d29-4485-8978-3fde32f1cdef&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=8104dca4b35566a00c940655df365051&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 44a47abb25be99af143bf614b4e632f0
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:32:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:32:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 585000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 444174
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
solitudearbitrary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvL7eVACiiIKSh88GHAn1dPd82EOYoyRYEyWJLLn%2BuieLbemq63qnp7d02JAchxvHnuf2c2iLmL%2BAFFmvYQ9ZTzIHFz%2FBUEUL6LM7MjgC1Xvx1MFz%2Fu876d75SmhKNls%2FQOzo7Rml%2BMG9V%2FfUJk0lfNv3fMD2qBX%2FA2VtaIr%2FnB%2B2cGbAY0b9JL%2FXiK2zOUmDSgNaOBfVzZJzfDyAoXKj7pBo0sbUbMRxBGG9r%2B5Kz045kEOTslzUHL6v83Hj6DEBFn%2Fm2uJ2ypM%2Fsa7%2FVKzwlgM5OGH2VZmqgz9VZhaD2l2uHwN46aEfH4OJjtcdgAz2J93AK6mxPspAM8OlzTBBwdnTLlGkoHLp1ENJkj0BIpNIMx9KPmEAELi1m1k%2FYe3jK3Y9hnK5uiUXPjjN6hqSi78%2FDyy%2FtdXtRr6d40uC2Uyh2FaQw0nUL0J8vIYxY4HVR1DFJ9ASYKsX0PJ2WtcRKwrg3gtiilfi0LaXeOcs7Ww3QzDlIcp43IhjVITqHQCnYzAnIdyfpSHMvVQ5h76cuazuJtS2k55GoadSAgRhkLEnZaMZRh1UopSzLmPUOQjCD2CsLvI7S621Ai2%2FB5us4aTHlxBMJA1qoSgcgQVI6gUQVUQVIP6QGrXdPVDqV3Jg6VvLn1Yj03R22MHpuglGdnLT8mzc8G8F17dxFYy8zsBjaRgEQ%2FjuNVilIpuRFtxLNOwFdM4gFM1lDu3aHNHTYn%2FV4VcTcn%2FLz0Dzo7h9DGEOg9WvgJWjdtNCrY5jjoUO9lRllQuij%2FOG8L0IU2NvLiAYtvb06fkpcXgGn%2BGSMQJWRqErZHbGh%2BpHwh6%2BsH4jqnI%2Fh1TOfLodl6ovtph86HeLViReF%2B%2Bn2xXxsob19zoi7fFHJiHR%2FcSV9xkmVRZz5GvriopE3vdWJGQb2%2B4jYSvl27zammzMr%2B5%2Fs71G%2F3cJs4pk03A1JOLFyHUlDz1%2BPfFur54%2BjKUncCWNfrliqkyxxD5Lly%2BqjlDYPUq57mHqqzHtslXRa0IdLLKGa%2FhkpPvfv330yrecw%2FQsx5YcX%2BxpANbY6BrMD2CK8%2BPi9yevPVjuDBw7Y25tt4%2B11Z%2FdiatUzM%2FDqKkwzttISVPhAzazbATUtqUMmp3k6CLwk3FL7O%2F%2FwEAAP%2F%2FAQAA%2F%2F83c%2B5XhgQAAA%3D%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 solitudearbitrary.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvL7eVACiiIKSh88GHAn1dPd82EOYoyRYEyWJLLn%2BuieLbemq63qnp7d02JAchxvHnuf2c2iLmL%2BAFFmvYQ9ZTzIHFz%2FBUEUL6LM7MjgC1Xvx1MFz%2Fu876d75SmhKNls%2FQOzo7Rml%2BMG9V%2FfUJk0lfNv3fMD2qBX%2FA2VtaIr%2FnB%2B2cGbAY0b9JL%2FXiK2zOUmDSgNaOBfVzZJzfDyAoXKj7pBo0sbUbMRxBGG9r%2B5Kz045kEOTslzUHL6v83Hj6DEBFn%2Fm2uJ2ypM%2Fsa7%2FVKzwlgM5OGH2VZmqgz9VZhaD2l2uHwN46aEfH4OJjtcdgAz2J93AK6mxPspAM8OlzTBBwdnTLlGkoHLp1ENJkj0BIpNIMx9KPmEAELi1m1k%2FYe3jK3Y9hnK5uiUXPjjN6hqSi78%2FDyy%2FtdXtRr6d40uC2Uyh2FaQw0nUL0J8vIYxY4HVR1DFJ9ASYKsX0PJ2WtcRKwrg3gtiilfi0LaXeOcs7Ww3QzDlIcp43IhjVITqHQCnYzAnIdyfpSHMvVQ5h76cuazuJtS2k55GoadSAgRhkLEnZaMZRh1UopSzLmPUOQjCD2CsLvI7S621Ai2%2FB5us4aTHlxBMJA1qoSgcgQVI6gUQVUQVIP6QGrXdPVDqV3Jg6VvLn1Yj03R22MHpuglGdnLT8mzc8G8F17dxFYy8zsBjaRgEQ%2FjuNVilIpuRFtxLNOwFdM4gFM1lDu3aHNHTYn%2FV4VcTcn%2FLz0Dzo7h9DGEOg9WvgJWjdtNCrY5jjoUO9lRllQuij%2FOG8L0IU2NvLiAYtvb06fkpcXgGn%2BGSMQJWRqErZHbGh%2BpHwh6%2BsH4jqnI%2Fh1TOfLodl6ovtph86HeLViReF%2B%2Bn2xXxsob19zoi7fFHJiHR%2FcSV9xkmVRZz5GvriopE3vdWJGQb2%2B4jYSvl27zammzMr%2B5%2Fs71G%2F3cJs4pk03A1JOLFyHUlDz1%2BPfFur54%2BjKUncCWNfrliqkyxxD5Lly%2BqjlDYPUq57mHqqzHtslXRa0IdLLKGa%2FhkpPvfv330yrecw%2FQsx5YcX%2BxpANbY6BrMD2CK8%2BPi9yevPVjuDBw7Y25tt4%2B11Z%2FdiatUzM%2FDqKkwzttISVPhAzazbATUtqUMmp3k6CLwk3FL7O%2F%2FwEAAP%2F%2FAQAA%2F%2F83c%2B5XhgQAAA%3D%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTvL7eVACiiIKSh88GHAn1dPd82EOYoyRYEyWJLLn%2BuieLbemq63qnp7d02JAchxvHnuf2c2iLmL%2BAFFmvYQ9ZTzIHFz%2FBUEUL6LM7MjgC1Xvx1MFz%2Fu876d75SmhKNls%2FQOzo7Rml%2BMG9V%2FfUJk0lfNv3fMD2qBX%2FA2VtaIr%2FnB%2B2cGbAY0b9JL%2FXiK2zOUmDSgNaOBfVzZJzfDyAoXKj7pBo0sbUbMRxBGG9r%2B5Kz045kEOTslzUHL6v83Hj6DEBFn%2Fm2uJ2ypM%2Fsa7%2FVKzwlgM5OGH2VZmqgz9VZhaD2l2uHwN46aEfH4OJjtcdgAz2J93AK6mxPspAM8OlzTBBwdnTLlGkoHLp1ENJkj0BIpNIMx9KPmEAELi1m1k%2FYe3jK3Y9hnK5uiUXPjjN6hqSi78%2FDyy%2FtdXtRr6d40uC2Uyh2FaQw0nUL0J8vIYxY4HVR1DFJ9ASYKsX0PJ2WtcRKwrg3gtiilfi0LaXeOcs7Ww3QzDlIcp43IhjVITqHQCnYzAnIdyfpSHMvVQ5h76cuazuJtS2k55GoadSAgRhkLEnZaMZRh1UopSzLmPUOQjCD2CsLvI7S621Ai2%2FB5us4aTHlxBMJA1qoSgcgQVI6gUQVUQVIP6QGrXdPVDqV3Jg6VvLn1Yj03R22MHpuglGdnLT8mzc8G8F17dxFYy8zsBjaRgEQ%2FjuNVilIpuRFtxLNOwFdM4gFM1lDu3aHNHTYn%2FV4VcTcn%2FLz0Dzo7h9DGEOg9WvgJWjdtNCrY5jjoUO9lRllQuij%2FOG8L0IU2NvLiAYtvb06fkpcXgGn%2BGSMQJWRqErZHbGh%2BpHwh6%2BsH4jqnI%2Fh1TOfLodl6ovtph86HeLViReF%2B%2Bn2xXxsob19zoi7fFHJiHR%2FcSV9xkmVRZz5GvriopE3vdWJGQb2%2B4jYSvl27zammzMr%2B5%2Fs71G%2F3cJs4pk03A1JOLFyHUlDz1%2BPfFur54%2BjKUncCWNfrliqkyxxD5Lly%2BqjlDYPUq57mHqqzHtslXRa0IdLLKGa%2FhkpPvfv330yrecw%2FQsx5YcX%2BxpANbY6BrMD2CK8%2BPi9yevPVjuDBw7Y25tt4%2B11Z%2FdiatUzM%2FDqKkwzttISVPhAzazbATUtqUMmp3k6CLwk3FL7O%2F%2FwEAAP%2F%2FAQAA%2F%2F83c%2B5XhgQAAA%3D%3D HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18161256; uid_id2=bc4a9d15-450b-4309-bbba-37233fb3fabd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9e815b4214964d40b074f7df4374f116
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 16:32:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
solitudearbitrary.com/pixel/sbs?c=1
173.233.137.60 200 OK 0 B URL HTTP/1.1 solitudearbitrary.com/pixel/sbs?c=1
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: solitudearbitrary.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Cookie: u_pl=18161256; uid_id2=bc4a9d15-450b-4309-bbba-37233fb3fabd:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Feb 2023 16:32:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
friendshipmale.com/sfp.js
172.64.203.23 200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.203.23:0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:58 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: fa408b74d9c87f8c949429055620caab
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 05 Feb 2023 16:31:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6%2Bpmo7GBx5nQijEiFpTHv0NmzJpOH2G%2BkIYW0TgyUJs253d2GkTJzmEefkFTuFfSpD5SPk5444mJ4QobxE4XX2bZLKZ0HHWrTReVR00oIRPBr56cvoWMEUyuMUkGQDMAV0s86c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794d0a18da61779b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.10.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.10.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:31:58 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 23725055
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 794d0a16faa51c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:32:00 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 12 Aug 2021 09:54:31 GMT
etag: W/"6114efd7-609"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 05 Feb 2023 17:32:00 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css
IP 172.64.167.9:0
GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:32:00 GMT
content-type: text/css
last-modified: Thu, 12 Aug 2021 09:52:53 GMT
etag: W/"6114ef75-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbEDwqcxeVWIxGzRfA3X6EY7Ww0MiJbSSL8l%2FbsNCEwQvhyojib4NE%2BPcOBzJtJNXhoX%2BT51WA4FkPXzHJc%2F2knC4BURcdE0MF640O120EEHuCKDuJirjp2%2FX9rEPnZJgO9Dgbyr%2BDwq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794d0a218b2b8891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js
172.64.167.9 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js
IP 172.64.167.9:0
GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://breakingnwz8.com
Connection: keep-alive
Referer: https://breakingnwz8.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 16:32:00 GMT
content-type: application/javascript
last-modified: Thu, 12 Aug 2021 09:52:54 GMT
etag: W/"6114ef76-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S32rh9nab1GaHrszlfWPM5rbi6DIKQDEznYbggVI3J2h2%2Fy7hoRE%2B7hui6cu%2FU7211jucsIFQ3BEl03rwtHkd0MBJmEndeGZBjHkC%2Fd%2BWJKADrFhbxKx7J09hEjRHYuF8mih63MbuDjL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794d0a21ab748891-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2