r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2415
Expires: Thu, 17 Nov 2022 20:16:31 GMT
Date: Thu, 17 Nov 2022 19:36:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6176
Cache-Control: max-age=146283
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:16 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 12:14:19 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 18:44:56 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3080
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17704
Expires: Fri, 18 Nov 2022 00:31:20 GMT
Date: Thu, 17 Nov 2022 19:36:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: KffK+NzxOBVND53Ckyfvx/vfcG1AZ7w2bBdzWkXpdRSb3GsNYIEVajY8bsQi+05Fdx3YfaG64O4=
x-amz-request-id: ZJ7EVMARJ3WQ7GYN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 18:52:35 GMT
age: 2621
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 17 Nov 2022 19:36:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 19:25:01 GMT
cache-control: public,max-age=3600
age: 675
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3736
Cache-Control: max-age=138775
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:16 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 10:09:11 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.231.36101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.231.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XE1UgNClWoKuwRLopFv5dQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lO4y/vlBZ443krT86pv4+20P8BM=
news70.net/iie/index.php?qbot.zip
103.50.163.157301 Moved Permanently 0 B URL HTTP/1.1 news70.net/iie/index.php?qbot.zip
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /iie/index.php?qbot.zip HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 17 Nov 2022 19:36:16 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Set-Cookie: aiovg_rand_seed=2722078562; expires=Fri, 18-Nov-2022 19:36:17 GMT; Max-Age=86400; path=/
PHPSESSID=2b9a82aed59a82d9afb60a7781948e92; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://news70.net/iie/?qbot.zip
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8938
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 19:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8938
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 19:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8938
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 19:36:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8938
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 19:36:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uCIDqd8Nb4t4d3VN-UZ8OufrweFvW-RQFc7ZZkkYy9KIZJOh7eQIDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:33:58 GMT
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
age: 79340
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2bd274d60bc239b0328fe30a442ef2d9
fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12337
x-amzn-requestid: e5851f2c-9353-4db3-be88-71858f396096
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bq3aYFwNoAMFiZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6374390f-2b174db41b890a7b37d44ace;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 01:12:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: TKWEtKtzjYSs-JejM2B-dc1x4nMKr0nnpsZ5c9ySCfnp5ul786zjZQ==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 12:00:45 GMT
age: 27333
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5zDWKjYmvVLCemXw5Swm2qkhw1mQtD5c07Fl7Krydo_XR5FFyHDu4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:15:37 GMT
age: 44441
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 785c079072174860502c277b03f7743d
e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uCpQ4_KnzebJIjDy2pgU-dAxiQwklQcai8HPgqdguUsOPJx1KaTUmA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:12:56 GMT
age: 59002
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96b4478c098865b0d19738098db61d64
0e18a8c51596c8a4d84a142a57ffe376294833cc
9c9e433cf8f2167e4cfc3cff247eee85ebb9977e338e6e144acaea830db17c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5749
x-amzn-requestid: c67c9352-e777-417e-afe1-003d7a072e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bkItcGfcoAMFzkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637187ef-670b63160b7d0cdf4a5b609e;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 00:12:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFDS3_SNf5hbW8NAtNERJbS1jj29nWO0_GSIypgwlv7kymKieO8qNA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 08:44:38 GMT
age: 39100
etag: "0e18a8c51596c8a4d84a142a57ffe376294833cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e2a2d21ac149d7cf783628b5e815702
ae4692dccf90fa1a30119c95a1539ed8163e574f
5e1ebb536daa764e1c906c60a7a36c0f67aa476e12bf9fe1fda07bf87bc1f299
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9362
x-amzn-requestid: 859ecb2a-831d-48df-a769-4bd9e21941fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brWuSF8hoAMFtVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63746b28-737fcd2d0c4d85eb71bfc452;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 04:46:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Vo_6vm8fGw7IFpQIB-rScZ4XQQah_5NtDelbOQFpXqLT2yevul9MnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:10:45 GMT
age: 59133
etag: "ae4692dccf90fa1a30119c95a1539ed8163e574f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
news70.net/iie/?qbot.zip
103.50.163.157404 Not Found 21 kB IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 646ef5f8115719aed0f9f6c2ed638d6b
d222d9a1dd86e17272e714e0d17d5eda6f04fc74
2f8ce665d09a4dc3ab9c06a42f83beaf262728f5850b209132d6f2c4af0aa9f2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /iie/?qbot.zip HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Thu, 17 Nov 2022 19:36:17 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://news70.net/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
142.250.74.10200 OK 976 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1
IP 142.250.74.10:0
Hash cd0d7ee719c71856ef0826cb4239aa09
aca040f1a99aa9ae892874586b6e560cd7e24952
f461022b70025b86bf36a8d8b27fba51dd7de89ee43dcdc93c0a74c100ed8d05
GET /css?family=Roboto%3A100%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 17 Nov 2022 19:36:18 GMT
Date: Thu, 17 Nov 2022 19:36:18 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
news70.net/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.1.1
103.50.163.157200 OK 299 B URL HTTP/1.1 news70.net/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 1e34ceaa9a4c96c3499483f5fe818671
55a92f1196d0155e2bf0632f0905b5b8000f5ad7
9738e8e5222b5802082be7a77e56ad9fdee06718da410f356504184fd08b56bf
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:18 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:51:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 299
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
142.250.74.46301 Moved Permanently 0 B URL HTTP/1.1 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
IP 142.250.74.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 17 Nov 2022 19:36:19 GMT
Location: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
Cross-Origin-Opener-Policy: same-origin-allow-popups
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
news70.net/wp-content/plugins/podamibe-advertisement-management/css/slick-theme.css?ver=1.6.0
103.50.163.157200 OK 1.0 kB URL HTTP/1.1 news70.net/wp-content/plugins/podamibe-advertisement-management/css/slick-theme.css?ver=1.6.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 953438bfdb3f3c6aa7761618e2b262a8
b33522e1fe96ed2e2395e7bd015f756ba06b5534
783cab59b7959dcf64a11dfcd81bf46624c406eadca6ed47e4717b3acff305ef
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/podamibe-advertisement-management/css/slick-theme.css?ver=1.6.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:18 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1035
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 9e20a99f56d244cd43bd10781eb8e1d8
000f6ecfc6a9412d2e062028ee553801f573fd92
17cae43cd454fc69beff944925994d2810f859261cd40bfa58d573163a40b23c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
news70.net/wp-content/plugins/simple-image-popup//css/simple-image-popup.css?ver=6.1.1
103.50.163.157200 OK 181 B URL HTTP/1.1 news70.net/wp-content/plugins/simple-image-popup//css/simple-image-popup.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash af9b9127be2d7fcb8b8c5280c6aa886d
2eaac42877669e704b790fcfaae1f85a78e0487a
383359f52bee080417fb4b78c7a6c9dd603e1dfe6a3dc205ff1ef364b163cc9d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/simple-image-popup//css/simple-image-popup.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 181
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/plugins/simple-image-popup//css/magnific-popup.css?ver=6.1.1
103.50.163.157200 OK 2.2 kB URL HTTP/1.1 news70.net/wp-content/plugins/simple-image-popup//css/magnific-popup.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 5691b07253c4a30382130c2da4be8343
4c12d34016c7061965c996599c4086683958e0f1
095326e797678e4aa4be8217bf991180f7b79cdcce552897123ffa68981a0747
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/simple-image-popup//css/magnific-popup.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 29 Oct 2022 23:51:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2190
Keep-Alive: timeout=5, max=75
Content-Type: text/css
news70.net/wp-content/plugins/ultimate-social-media-icons/css/disable_sfsi.css?ver=6.1.1
103.50.163.157200 OK 67 B URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/css/disable_sfsi.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 1baf4c181ae358bceb19ab48886bb491
7861b4039a64d9fcf4bb8323757c194a98cc90ed
09646c074510c23eb0fe306bb3810c348d201a31d5aaf094d9e96410cd740175
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/css/disable_sfsi.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 67
Keep-Alive: timeout=5, max=75
Content-Type: text/css
news70.net/wp-content/plugins/location-weather/assets/css/splw-style.min.css?ver=1.3.2
103.50.163.157200 OK 666 B URL HTTP/1.1 news70.net/wp-content/plugins/location-weather/assets/css/splw-style.min.css?ver=1.3.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1932), with no line terminators
Hash a8bccbf4243fd62badfb3cb50ee15db4
7b8b16d53e25f619a6595036fe41fef98cb0134b
8c5e441961ff9095ae4528ed33c7a2cb4c3f553a66de2ee12d719214f3dc37b3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/location-weather/assets/css/splw-style.min.css?ver=1.3.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 05 Nov 2022 11:52:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 666
Keep-Alive: timeout=5, max=75
Content-Type: text/css
news70.net/wp-content/plugins/location-weather/assets/css/old-style.min.css?ver=1.3.2
103.50.163.157200 OK 263 B URL HTTP/1.1 news70.net/wp-content/plugins/location-weather/assets/css/old-style.min.css?ver=1.3.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (684), with no line terminators
Hash 2bca32e8e5c4a6c01018467b5c55f58b
514bffeee47835c711d56e324b777697f5e581c7
e1abfb3d80ce3cf9e4e87b2acc37a3e0998240866b7f475acc898aa041becf4c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/location-weather/assets/css/old-style.min.css?ver=1.3.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 263
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
103.50.163.157200 OK 7.5 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type troff or preprocessor input, ASCII text, with very long lines (372)
Hash 425b9c5bb524774d7f30160c36771785
af60c1059fb990e6e86ff744f9c286e78f9966e8
a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7524
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash eeab7cac05db82df44ba5530370a7b0c
ba9f2b0bbfd4f12b923106c29369a94d9fc617f1
097d22b35eebb9dff6ca54f1f8550c5ee5e6b99c726d6ac388acf7c5a1356d31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
news70.net/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.8
103.50.163.157200 OK 19 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.8
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 0926520d5a98b258ac3ac57af7d7cf0f
06ce21c486748661d99eda83fd2708130d9ae31e
f2473c7e20948d3372e5433874b813c448ef625effe090b8be2a42acf19bc4dd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=2.7.8 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 9e20a99f56d244cd43bd10781eb8e1d8
000f6ecfc6a9412d2e062028ee553801f573fd92
17cae43cd454fc69beff944925994d2810f859261cd40bfa58d573163a40b23c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
news70.net/wp-content/plugins/all-in-one-video-gallery/public/assets/css/public.css?ver=2.6.1
103.50.163.157200 OK 5.7 kB URL HTTP/1.1 news70.net/wp-content/plugins/all-in-one-video-gallery/public/assets/css/public.css?ver=2.6.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash b885a856ec47b24d57973ed269096301
1ba3a6c279a88b97e7b7bf786ac6ef954477c3e7
ca80f4117b299b974725790d55c544f9aa4b4d73d64837419790c09736a8f562
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/all-in-one-video-gallery/public/assets/css/public.css?ver=2.6.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:51:20 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5692
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash eeab7cac05db82df44ba5530370a7b0c
ba9f2b0bbfd4f12b923106c29369a94d9fc617f1
097d22b35eebb9dff6ca54f1f8550c5ee5e6b99c726d6ac388acf7c5a1356d31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
news70.net/wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/video-js.min.css?ver=5.20.5
103.50.163.157200 OK 16 kB URL HTTP/1.1 news70.net/wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/video-js.min.css?ver=5.20.5
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (39368), with no line terminators
Hash 82df2bf227f98a0cd29d76d90106eef1
f53cd5ec6e80eb5db22b76be7946ac625c1b0e43
120c7dc5c648bad8d9e5cd644afb92489355d76a11a884da9a6f82e498e29d6c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/video-js.min.css?ver=5.20.5 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:53:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15828
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/themes/newscard/assets/library/bootstrap/css/bootstrap.min.css?ver=4.0.0
103.50.163.157200 OK 32 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/bootstrap/css/bootstrap.min.css?ver=4.0.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65325)
Hash 3cac3383012d3b9c1b28ce53a9016651
3323de86376c6ea8dd265acdc39bcb82fdf1e8ac
29e021f86b877880a2e3e7c9f069d6ef5eab4930bc01d4633a05531df7ffd670
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/bootstrap/css/bootstrap.min.css?ver=4.0.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
news70.net/wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/kg-video-js-skin.css?ver=4.7.5
103.50.163.157200 OK 1.6 kB URL HTTP/1.1 news70.net/wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/kg-video-js-skin.css?ver=4.7.5
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 7f8180c648c421528ee16de8685a776a
c5e2c1a8f552339fb821792c1996e0d5b58a300e
f9f47abe8f3afe4874965dab03a41beab7ef74e975689fb3f12638486a41e115
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/video-embed-thumbnail-generator/video-js/v5/kg-video-js-skin.css?ver=4.7.5 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:53:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1622
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/themes/newscard/style.css?ver=6.1.1
103.50.163.157200 OK 28 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/style.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (630)
Hash 49c277b74aa969c4ac64c65e44f2ed99
fc66b37f1d95dd65dbe504f47ba7f8e4f2ac31e3
8a7eada705ad4f980da1804a584e433c188c5e8f8f346ee9445146bbe020c7d2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/style.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
142.250.74.10200 OK 1.2 kB URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
IP 142.250.74.10:0
Hash ff5c7ca98089a81311373f8326b8fde7
88e470f370312328ca5a0ba40ce486277a0d7159
cab4f2467815729ddd81eb7eff44a8066e4e95f66d35b11f399d9ea9c37ed477
GET /css2?family=Roboto:wght@300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 17 Nov 2022 19:36:19 GMT
date: Thu, 17 Nov 2022 19:36:19 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
news70.net/wp-content/plugins/video-embed-thumbnail-generator/css/kgvid_styles.css?ver=4.7.5
103.50.163.157200 OK 5.8 kB URL HTTP/1.1 news70.net/wp-content/plugins/video-embed-thumbnail-generator/css/kgvid_styles.css?ver=4.7.5
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1062), with CRLF line terminators
Hash 43de2cdd843d35502847c7030b9ca610
ba1cc13d5b917c72f57e04049e171490a7d04bb7
e28abedd36a6d314b0508a1aa3944b3fd84b6041ea175def89dc17d69275a918
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/video-embed-thumbnail-generator/css/kgvid_styles.css?ver=4.7.5 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:53:02 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5759
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/plugins/mailin/css/mailin-front.css?ver=6.1.1
103.50.163.157200 OK 817 B URL HTTP/1.1 news70.net/wp-content/plugins/mailin/css/mailin-front.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash f5c7ece1468c567e7cdf2482009088c0
38e7ba1aca24c2b1e8812b2a6f85ea5ec902fda3
84d738d9b52668c9ecf75e9a69a62329f9ab2c921ace26fc64d1d27366db3d22
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/mailin/css/mailin-front.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 817
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
103.50.163.157200 OK 4.6 kB URL HTTP/1.1 news70.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4618
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/podamibe-advertisement-management/js/frontend.js?ver=1.0.3
103.50.163.157200 OK 191 B URL HTTP/1.1 news70.net/wp-content/plugins/podamibe-advertisement-management/js/frontend.js?ver=1.0.3
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash cc7a6100ccb6ca822f20c707dd1ebd64
45a550eaddd160212aa24a9e0c55268d52550dbe
d237511a05f94adf69a01ae4565099ef159e6306d93c3e565a2be39707f2250d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/podamibe-advertisement-management/js/frontend.js?ver=1.0.3 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 191
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/mailin/js/mailin-front.js?ver=1667649144
103.50.163.157200 OK 3.5 kB URL HTTP/1.1 news70.net/wp-content/plugins/mailin/js/mailin-front.js?ver=1667649144
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 49f46872de0269c8bd369293b23953eb
815b449df1258da752c347ebbce713a77ea3f078
d360a7ad5bf004818b3ef3eb40b070076a4d7cf16e60299c82f74fa9b477c9e8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/mailin/js/mailin-front.js?ver=1667649144 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3517
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
103.50.163.157200 OK 39 kB URL HTTP/1.1 news70.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65447)
Hash 32f58a61f7c5a7e10f8b2dcf8e9a8e34
865c25589283ab1debd45bdfa6c4d8c6ecf15ad3
481cb2216fbdb0797af8c61b69c0bda2c10d025f7b11f2cdfac382d35dc45d63
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:54:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
news70.net/wp-includes/css/classic-themes.min.css?ver=1
103.50.163.157200 OK 189 B URL HTTP/1.1 news70.net/wp-includes/css/classic-themes.min.css?ver=1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:54:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 189
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/plugins/podamibe-advertisement-management/js/slick.js?ver=1.6.0
103.50.163.157200 OK 21 kB URL HTTP/1.1 news70.net/wp-content/plugins/podamibe-advertisement-management/js/slick.js?ver=1.6.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 2267f2eefd72f4650548e6fc2df792a6
d6fae7c22766be5dd0e48b1ec435e7e6506d86f7
a0fe857bdb0a1bd65bcb1b0f3cb94c1657004b58033e4d22c9524bcfdac53e1f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/podamibe-advertisement-management/js/slick.js?ver=1.6.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
news70.net/wp-content/plugins/podamibe-advertisement-management/css/frontend.css?ver=1.0.3
103.50.163.157200 OK 473 B URL HTTP/1.1 news70.net/wp-content/plugins/podamibe-advertisement-management/css/frontend.css?ver=1.0.3
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 39464437367b8542343910306ce1bc50
b2b4967f2abc947467050144c3a1ea33c86dc6f0
755b2dfaf802c622c5f70456b04aed3c4125d178fbe34b99eb6da42830c767f0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/podamibe-advertisement-management/css/frontend.css?ver=1.0.3 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 473
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-content/plugins/podamibe-advertisement-management/css/slick.css?ver=1.6.0
103.50.163.157200 OK 564 B URL HTTP/1.1 news70.net/wp-content/plugins/podamibe-advertisement-management/css/slick.css?ver=1.6.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 52dc6a8e85abdf73203fdae4e4b6f9fd
d19e874bdab0b560891082c591b33b7a481149f7
a6ed9df694f9885f6959a20b8aa2090235427dd579b89eed311fbad2d70cfce7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/podamibe-advertisement-management/css/slick.css?ver=1.6.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 564
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
103.50.163.157200 OK 18 kB URL HTTP/1.1 news70.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (47826)
Hash 9415c9562591af7a582c29139621505f
0b12eecf36a48b871a3198550f4f65bb4a6d9b1b
06c70d3232c2ae3ed2aa259eb7a1beb329b654926813935fffa8902cd5ebaa4a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Wed, 16 Nov 2022 03:16:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
news70.net/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.12.5
103.50.163.157200 OK 12 kB URL HTTP/1.1 news70.net/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.12.5
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (45539), with no line terminators
Hash a9e0eb8c89f20e1667d61772d317a8fb
51b0e4aa5d42ac6905cce8bd2336a568a74b89cb
d69e04f7c46dea45043455e8978a4df5badce42c0127e0c591bf95664873dcc1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.12.5 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11711
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/css
news70.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
103.50.163.157200 OK 5.3 kB URL HTTP/1.1 news70.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5321
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/simple-image-popup/js/jquery.magnific-popup.min.js?ver=6.1.1
103.50.163.157200 OK 9.2 kB URL HTTP/1.1 news70.net/wp-content/plugins/simple-image-popup/js/jquery.magnific-popup.min.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (20087)
Hash 7a10ae63b238729dc4da7f7bd8986219
654c47168dca0ec7080f6c57e8c4482b57f879d4
b782185399b361358f7c409d6f23f22d45f695dcbb63876c35752c7b1de72db3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/simple-image-popup/js/jquery.magnific-popup.min.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9204
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 759d55a9f00851e8653847413a8a3db5
2424e3d7aae0972c57bee3a60a50b3b8a82bba23
5d07bc72f8be0bc42f91b8cb202f4cdc83fb4e5f5f360998066dad08a7fef6ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://news70.net
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 16 Nov 2022 20:16:47 GMT
Expires: Thu, 16 Nov 2023 20:16:47 GMT
Cache-Control: public, max-age=31536000
Age: 83972
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://news70.net
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 16 Nov 2022 20:16:46 GMT
Expires: Thu, 16 Nov 2023 20:16:46 GMT
Cache-Control: public, max-age=31536000
Age: 83973
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://news70.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 19:34:08 GMT
expires: Thu, 16 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 86531
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
news70.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
103.50.163.157200 OK 8.3 kB URL HTTP/1.1 news70.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 838560e989767f2ef5951b9eeee20352
6bf8419cb4d68d9beced9e4b79b22b347ae16a46
72e6d275c5229613a59aef94523fc6a96330553976aee003d8544d5806fa0c3d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:54:34 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8344
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.1.1
103.50.163.157200 OK 1.6 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with very long lines (2861), with CRLF, CR line terminators
Hash db111558e1a36ddb44ee116a32a1f046
0be7812f2f99932c1ebb96b7b4c5d6b403e20da5
dd692eb76a66ce5fa3ee4a9ea97bd46cabc6c9a8ccbe08def28f48ffa10c5fbb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1566
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/uploads/2021/11/WhatsApp-Image-2021-11-12-at-16.07.15.jpg
103.50.163.157200 OK 22 kB URL HTTP/2 news70.net/wp-content/uploads/2021/11/WhatsApp-Image-2021-11-12-at-16.07.15.jpg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 516x180, components 3\012- data
Hash 8cd36c9eedfb92a5a0cb45cf6c60ad12
a6f9d5788a48a9424876e78ce8ab9428d3fb70ba
a7663e7720baebac5469993114cc3574cf0325d8e6deefcb99315b47ee14d861
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/11/WhatsApp-Image-2021-11-12-at-16.07.15.jpg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:20 GMT
accept-ranges: bytes
content-length: 21733
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.1.1
103.50.163.157200 OK 4.9 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11484), with no line terminators
Hash 1b60910f11a0d775fcfa572adb62ee64
f1bd74f734e6938c95d01de8e868a7c785ddbc4b
2d1669803c454716bfc0cbf4a477db499c13d6070b3b06dad649e3903b107a91
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4850
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 759d55a9f00851e8653847413a8a3db5
2424e3d7aae0972c57bee3a60a50b3b8a82bba23
5d07bc72f8be0bc42f91b8cb202f4cdc83fb4e5f5f360998066dad08a7fef6ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e0988257645d0359bc09fcf8f36ee806
21ea6f07f4eaa0f49a91b1ea4cb50b89997b8d95
d3c26792aa54f799696df0c32e5f3fec39da752ac732bfdac2a7b36623197bec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.googleapis.com/translate_static/css/translateelement.css
216.58.207.234200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 216.58.207.234:0
File type ASCII text, with very long lines (18670)
Hash 897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 18:59:29 GMT
expires: Thu, 17 Nov 2022 19:59:29 GMT
cache-control: public, max-age=3600
age: 2210
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e0988257645d0359bc09fcf8f36ee806
21ea6f07f4eaa0f49a91b1ea4cb50b89997b8d95
d3c26792aa54f799696df0c32e5f3fec39da752ac732bfdac2a7b36623197bec
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2708c10274cf736ab8b669bcf0928193
2ee9e34d0cf07425a7c85dd3303d2f94c942fb75
8e3b42e759bb57090ab6121d455e6b1b28abf5dbc46e5e4b33aa4c11129fd19f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E3B42E759BB57090AB6121D455E6B1B28ABF5DBC46E5E4B33AA4C11129FD19F"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1961
Expires: Thu, 17 Nov 2022 20:09:01 GMT
Date: Thu, 17 Nov 2022 19:36:20 GMT
Connection: keep-alive
news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.1.1
103.50.163.157200 OK 696 B URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1472), with no line terminators
Hash 149199e590e83a45c6cfb84e505ee166
d2a506c87a1ce49b6927eb70b36a2e05054734b8
91cb2836b2266eeee962eb258c85c327a5f0e3c8812fefdc74cf685b72537d57
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 696
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/location-weather/assets/js/Old-locationWeather.min.js?ver=1.3.2
103.50.163.157200 OK 1.7 kB URL HTTP/1.1 news70.net/wp-content/plugins/location-weather/assets/js/Old-locationWeather.min.js?ver=1.3.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (4284), with no line terminators
Hash ab57d0fc3abed1d6fe66d1b61fc4dcca
358992fd5a5ff3bcc72d68249b67d9d7fc069633
928c314bb6046779ca0d8da54a0223d33fc4b905cb94ab54ee8fa1b356cf260b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/location-weather/assets/js/Old-locationWeather.min.js?ver=1.3.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1690
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.8
103.50.163.157200 OK 8.3 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.8
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (827), with CRLF line terminators
Hash e9a326654473c6d82f57552252404ac4
c86023e7e61f4c4ab6a59719bffce4d964715f96
58f04f091235fe0cbd0efd89d14ae870b723f9b36babc5f6b626a85a0a92f05f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=2.7.8 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8280
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/bootstrap/js/popper.min.js?ver=1.12.9
103.50.163.157200 OK 8.1 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/bootstrap/js/popper.min.js?ver=1.12.9
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (19015)
Hash f6925cc7e38a3ba395092eed41a330ad
bf5a10c1b636884222efefa2e864f8d8348c66a1
fa8a3e60a540432215317cbd453808de2f493e6643321374f776efc5cfcf181b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/bootstrap/js/popper.min.js?ver=1.12.9 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8148
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/bootstrap/js/bootstrap.min.js?ver=4.0.0
103.50.163.157200 OK 20 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/bootstrap/js/bootstrap.min.js?ver=4.0.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (48664)
Hash 8cb6c19de46b8d4103fd9c4e7274b880
c96eee753acad37467eae08af97b258fbc91d738
2419d1307915ca2bec616321db284292e0087c742077751962d3db841867f1c1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/bootstrap/js/bootstrap.min.js?ver=4.0.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:19 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-min.js?ver=0.7.2
103.50.163.157200 OK 1.5 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-min.js?ver=0.7.2
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (521)
Hash a7e596dd85011b4d41c1db9a87d79f3a
a7b716d860459ddec30bd14de57f98926d8a59e9
5afa336dd99a71d0f289ce7cbc29a1fe95c1d30e695b1f4ba6fe181515542916
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-min.js?ver=0.7.2 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1469
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-settings.js?ver=6.1.1
103.50.163.157200 OK 100 B URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-settings.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 5be52cde597334450bb65fcd61cca240
17f9cbc516e52d8834c18f4c4b671d4acbc7e4c9
38490d6dcda00b1a43902bdf6439a6f5222dab204e363a7e4266c13cb8637384
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/match-height/jquery.matchHeight-settings.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 100
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/js/skip-link-focus-fix.js?ver=20151215
103.50.163.157200 OK 417 B URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/js/skip-link-focus-fix.js?ver=20151215
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 73f7704398d8f6be9748d30791950984
3231f3786c364c7665cd7123d8fae0f42bbfd836
c1d9b23aff05fb52e5d6e68aff86d808097185c6dbaac6c3fc3ec6e5bea31ef4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 417
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/sticky/jquery.sticky.js?ver=1.0.4
103.50.163.157200 OK 3.0 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/sticky/jquery.sticky.js?ver=1.0.4
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash e3cea22516ec60740080799633b48ccd
488758da0421233b083853e054caaf9152c5709a
da21c4768cf429ddad3b97f762bc18a5726aedafedb0054c0585c71dd31c6b6f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/sticky/jquery.sticky.js?ver=1.0.4 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3009
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/themes/newscard/assets/library/sticky/jquery.sticky-settings.js?ver=6.1.1
103.50.163.157200 OK 361 B URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/sticky/jquery.sticky-settings.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 3fab3d6bd8d195b9ed02538b4d489cd2
25e33ad07ef018fb7d37b7971d31c9fa2104517f
36d7c82983ecf00df6c97641df61786f0b5d80e17d5b1860e56cc7d564ea4e6d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/sticky/jquery.sticky-settings.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 361
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/uploads/2022/01/WhatsApp-Image-2022-01-08-at-5.53.03-PM.jpeg
103.50.163.157200 OK 173 kB URL HTTP/2 news70.net/wp-content/uploads/2022/01/WhatsApp-Image-2022-01-08-at-5.53.03-PM.jpeg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1280, components 3\012- data
Size 173 kB (172986 bytes)
Hash d8b85e8438e9ddb306cc03ee80be11cf
33e7c5dd1f3a6151a6792b52c64ad28a38e9ae30
7a30eb94fcfb72d4567788ae765d6fd537f8073b8a31d4f66233f3d9243c599b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/WhatsApp-Image-2022-01-08-at-5.53.03-PM.jpeg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:18 GMT
accept-ranges: bytes
content-length: 172986
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/themes/newscard/assets/js/scripts.js?ver=6.1.1
103.50.163.157200 OK 888 B URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/js/scripts.js?ver=6.1.1
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 6c27a3148aa590c99a12c790beb1ab3a
33371c9a38222c4fdd4a055e4aa4d889ad7b874a
590dbd297252c491f819332d690314769b541d0f9092b1326b1550140ad1f458
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/js/scripts.js?ver=6.1.1 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 888
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
news70.net/wp-content/plugins/gtranslate/flags/16/hi.png
103.50.163.157200 OK 431 B URL HTTP/1.1 news70.net/wp-content/plugins/gtranslate/flags/16/hi.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 0bce589c49b6ca00911ef9bdf06bc97f
4e0bd007f1e79ad5695702f15de9d88994731742
2391b58386bbcf27a8c830aaf9a384b6cf39d9a518bf1d27f1425e398a243c62
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gtranslate/flags/16/hi.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:51:58 GMT
Accept-Ranges: bytes
Content-Length: 431
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_rss.png
103.50.163.157200 OK 1.6 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_rss.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 9b2c259303c3176e7354bd7d5c28b5b0
d43ea265a992d03c4f774a81c875495ea480e0ee
3019cd22da7290ab40dfeee16e1a7390cede915e175b28af4d5fb75a5157f864
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_rss.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 1644
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_email.png
103.50.163.157200 OK 1.6 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_email.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash dd7a77031e42a43d2d85c60c40c7ee11
cc3db2995b97aa97dabf06703dfbb1352367fb9b
d2bbd9c27168416289a2b9b8ee4e21b3473338cc5e29f99b734a9c510a5e9a19
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_email.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 1566
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png
103.50.163.157200 OK 1.4 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash fd252856427200b657dbc55dddbd1217
af4029bf1ab66c8211b37fe27f7e0e3bfa588f41
0dce5940cfbb1995ffa0933df7bdd96af2b9bfff5f4ae12dc1641ad0ce920019
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_facebook.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 1357
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/uploads/2019/04/background.jpg
103.50.163.157200 OK 6.1 kB URL HTTP/2 news70.net/wp-content/uploads/2019/04/background.jpg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x260, components 3\012- data
Hash c059dc98ec9959c5304ae119f9cf5ce8
1a250487331c3aaf2100dbe93529fba008a3d02a
579d1ea1a65d5f832256956d1359725dad70bf324961e758283fdcd016176c61
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/04/background.jpg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:20 GMT
accept-ranges: bytes
content-length: 6067
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/uploads/2022/11/IMG-20221111-WA0003.jpg
103.50.163.157200 OK 25 kB URL HTTP/2 news70.net/wp-content/uploads/2022/11/IMG-20221111-WA0003.jpg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 476x524, components 3\012- data
Hash 4c5efff67a79fcd24e1f3beff4f8168f
f16b0eb6877302381207143a8915ce6572e8136d
f9fe68036705fc24cfd3ec36675c5b6c5b29cabb81e0e6551e4d72f886fad4e4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/IMG-20221111-WA0003.jpg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Nov 2022 12:16:42 GMT
accept-ranges: bytes
content-length: 25059
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_twitter.png
103.50.163.157200 OK 1.5 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_twitter.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash b4699c9022529206d2a3f5674a8c6f7d
9949e3326520912ca0d7bd6582b1d655d98bb1fd
6b598958eccff91e50b3f1d35a8193f70e72c2b327abb8fc46b17c46c483cce9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_twitter.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 1529
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/themes/newscard/assets/library/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
103.50.163.157200 OK 77 kB URL HTTP/1.1 news70.net/wp-content/themes/newscard/assets/library/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/newscard/assets/library/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://news70.net/wp-content/themes/newscard/assets/library/font-awesome/css/font-awesome.css?ver=6.1.1
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 23:51:16 GMT
Accept-Ranges: bytes
Content-Length: 77160
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: font/woff2
news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_linkedin.png
103.50.163.157200 OK 1.4 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_linkedin.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash aefdab6a1fa07a80cf7d515bb4c7e649
9d40f38c201c9bceb18ccb779d03395b2d1aef7b
1652bc4a1ab4701912ff8832e7e58e3074e1fba1eaf53c43b3a3eb92243ec1cf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/icons_theme/default/default_linkedin.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 1351
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/plugins/gtranslate/switcher.png
103.50.163.157200 OK 207 B URL HTTP/1.1 news70.net/wp-content/plugins/gtranslate/switcher.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 10 x 19, 8-bit/color RGBA, non-interlaced\012- data
Hash d6ae4f341752017ab0e603e3bb9260b7
c84c11d3bc69c7e14b2f75e7dea6e0ac93dee1e2
8c2ad9254589a597b65dae284a6da49dbfe1e3c8e628b03b80883d980fb6435e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:51:58 GMT
Accept-Ranges: bytes
Content-Length: 207
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/fb_icons/en_US.svg
103.50.163.157200 OK 4.8 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/fb_icons/en_US.svg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1245)
Hash 3c35bd3779fe5d708e0b8b75b8f172e3
f638b13f4fb82170a39322cd57a226752f5d35c6
9e8f55b456736b785bee9fcf875ba9147939a8cdbbc973298a7f1d5ecd0a62ca
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/share_icons/fb_icons/en_US.svg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 4798
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/svg+xml
news70.net/wp-content/plugins/gtranslate/arrow_down.png
103.50.163.157200 OK 208 B URL HTTP/1.1 news70.net/wp-content/plugins/gtranslate/arrow_down.png
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 5 x 3, 8-bit/color RGBA, non-interlaced\012- data
Hash 20a650477130c7c2c62c5647131f545b
4615101fcc5df1fab3e7dd516d058e1052a8fcb2
068f35dd132804c7effcbca65f9398d34351339ed2fa7b20ef5e9a6221e76516
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/gtranslate/arrow_down.png HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:51:58 GMT
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/png
news70.net/wp-content/uploads/2019/04/ezgif.com-resize.gif
103.50.163.157200 OK 442 kB URL HTTP/2 news70.net/wp-content/uploads/2019/04/ezgif.com-resize.gif
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type GIF image data, version 89a, 260 x 100\012- data
Size 442 kB (441625 bytes)
Hash 19b5312f0ce6dae9a60c14d2cc40f7a1
ca1c07b2a68bcc3b3e6c3b8edb5988e23ec81584
4d88fafbb0678357a2c1c76ed5c3bb99415c9f4bb636c9fe709c5c9422f014a7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/04/ezgif.com-resize.gif HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:20 GMT
accept-ranges: bytes
content-length: 441625
content-type: image/gif
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/Twitter_Tweet/en_US_Tweet.svg
103.50.163.157200 OK 3.8 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/Twitter_Tweet/en_US_Tweet.svg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1559)
Hash 5d7a3ef70adc23a16b459d3330a3bb30
74efba4551c69f7a83d2e4a8c484f7e1fefa9be0
a8b5f82f64cfbfc231722fe77a0dbce261998d50d452836457a22479e8e0fd6f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/share_icons/Twitter_Tweet/en_US_Tweet.svg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 3830
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/svg+xml
news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/Linkedin_Share/en_US_share.svg
103.50.163.157200 OK 5.1 kB URL HTTP/1.1 news70.net/wp-content/plugins/ultimate-social-media-icons/images/share_icons/Linkedin_Share/en_US_share.svg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (947)
Hash 931c0215b63107c585e19fb570360a91
5d238f83ecac08e5b9b4dcb2fafbff8f8d842c03
cd3d931d9d52d216a15d81fa3dd497f624d2d9ade4fe835c157891c92771a6e1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/ultimate-social-media-icons/images/share_icons/Linkedin_Share/en_US_share.svg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/iie/?qbot.zip
Cookie: aiovg_rand_seed=2722078562; PHPSESSID=2b9a82aed59a82d9afb60a7781948e92
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 19:36:20 GMT
Server: Apache
Last-Modified: Sat, 05 Nov 2022 11:52:54 GMT
Accept-Ranges: bytes
Content-Length: 5067
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/svg+xml
news70.net/wp-content/uploads/2022/11/IMG-20221109-WA0004.jpg
103.50.163.157200 OK 130 kB URL HTTP/2 news70.net/wp-content/uploads/2022/11/IMG-20221109-WA0004.jpg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x578, components 3\012- data
Size 130 kB (130276 bytes)
Hash 175dc747f0517c12f8adbccaeaefe73a
b6e871d2c5d3b23e7efeac5f32ab0d7ede1efa2b
521e382ef80d9b0201b92e766ad167ca4bc7ef8c9dd42aa4e280b96bc37b9492
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/IMG-20221109-WA0004.jpg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 09 Nov 2022 18:38:24 GMT
accept-ranges: bytes
content-length: 130276
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/uploads/2022/11/IMG-20221110-WA0000.jpg
103.50.163.157200 OK 146 kB URL HTTP/2 news70.net/wp-content/uploads/2022/11/IMG-20221110-WA0000.jpg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1156x651, components 3\012- data
Size 146 kB (145960 bytes)
Hash 4daf3a1a699d1c4a5026258a2d8f692a
35a39f2d40941ffd771b8cb4c577fb2f2823f472
48cdcf8160c84d9d908ba7929bbb2fe26eecda9fdd1924bfae78551fae524547
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/IMG-20221110-WA0000.jpg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 10 Nov 2022 13:58:34 GMT
accept-ranges: bytes
content-length: 145960
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:19 GMT
server: Apache
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js
31.13.72.12200 OK 4.9 kB URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (14814)
Hash 5bd8ef7272bb6f78afdd73afb51fb465
0eab920889ef50cda24545e6aa4281b775028d16
d543d36bb3c464f417ae8bd1acaffe450936c6b39b569edffebef4408bb9b426
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news70.net/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 56dee1684b5444a8015668eb13f78834
ETag: "85fdb6ad2bc4b7b60010f94964669a80"
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Expires: Thu, 17 Nov 2022 19:51:12 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: W9jvcnK7b3iv3XOvtR+0ZQ==
X-FB-Debug: vlfn6mguualKlqvxcTp5V32OgadCPcPORw3UQVXQSyJbOK2fFaw+CbzR4ruPl2E9qJF46gbZ6eA/fwRVnSSUeQ==
Priority: u=3,i
X-FB-TRIP-ID: 1904183273
Date: Thu, 17 Nov 2022 19:36:20 GMT
Alt-Svc: h3=":443"; ma=86400
Connection: keep-alive
Content-Length: 4883
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4bf9d7f716bc1adeca873e97debe0555
3b3fed135b3a3c3d485e6ec86a12c0de80822430
c0b75f37ec5d15fd96047d4f0b5dbafb6636b4f8adfa39dd5b84465925d83dce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6002
Cache-Control: max-age=137776
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:20 GMT
Etag: "6375ecf2-1d7"
Expires: Sat, 19 Nov 2022 09:52:36 GMT
Last-Modified: Thu, 17 Nov 2022 08:12:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/bundle/sdk.js/
31.13.72.12200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/bundle/sdk.js/
IP 31.13.72.12:0
File type ASCII text, with very long lines (11292)
Hash 7689763d8916ebd66ab9c3a1987f1924
e58231ffda6b115986e3a8c8dadf7b2af4253441
bff067f378a4e7551c3851b3c60b1bf63f205ee2228294fb589c1cf936b458c2
GET /en_US/bundle/sdk.js/ HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://news70.net
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6e9ec6d1d546a82e06dc34d66971816e
etag: "5112d3e4d7b61559fedc8bcec776c18e"
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
expires: Thu, 17 Nov 2022 19:45:12 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: dol2PYkW69ZqucOhmH8ZJA==
x-fb-debug: nY3r0wATmeL2HTkM/xEPFgO+a6aO/eMSzgvD+Do598EDHS/51xQrozmaD9GUx/F6I6FDIvGYUJCv4tZrtD7Y9g==
priority: u=3,i
content-length: 87068
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 19:36:20 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/product/1x/translate_24dp.png
142.250.74.163200 OK 846 B URL HTTP/2 www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP 142.250.74.163:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 19:16:44 GMT
expires: Fri, 17 Nov 2023 19:16:44 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 1176
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 4bf9d7f716bc1adeca873e97debe0555
Hash SHA-1 3b3fed135b3a3c3d485e6ec86a12c0de80822430
Hash SHA-256 c0b75f37ec5d15fd96047d4f0b5dbafb6636b4f8adfa39dd5b84465925d83dce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6002
Cache-Control: max-age=137776
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 19:36:20 GMT
Etag: "6375ecf2-1d7"
Expires: Sat, 19 Nov 2022 09:52:36 GMT
Last-Modified: Thu, 17 Nov 2022 08:12:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
www.gstatic.com/images/branding/product/2x/translate_24dp.png
142.250.74.163 200 OK 1.8 kB URL HTTP/2 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 142.250.74.163:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
- data
Hash MD5 c69c796362406f9e11c7f4bf5bb628da
Hash SHA-1 e489ce95ab56208090868882113d7416abf46775
Hash SHA-256 4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 18:30:39 GMT
expires: Fri, 17 Nov 2023 18:30:39 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 3941
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
142.250.74.163 200 OK 910 B URL HTTP/2 www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
IP 142.250.74.163:0
File type PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced
- data
Hash MD5 efa6bb2bfe459bc6f4bdafa3db0383f6
Hash SHA-1 52d15ce52fe50643e542c17812de43f4ed1b6ee0
Hash SHA-256 6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
GET /images/branding/googlelogo/1x/googlelogo_color_42x16dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 910
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 11:37:21 GMT
expires: Thu, 16 Nov 2023 11:37:21 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: image/png
age: 115139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
news70.net/wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-32x32.jpeg
103.50.163.157 200 OK 988 B URL HTTP/2 news70.net/wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-32x32.jpeg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3
- data
Hash MD5 12963cfeb6daea4743ccb30e2c4b3869
Hash SHA-1 47f0ecbef665a5594696a15a048e7f1f31ac1e25
Hash SHA-256 d58d8347e0c06aab1994a859b72efff638afd05fc5cbdc59995a97c1fc578463
Analyzer verdicts (alert):
  fortinet: Malware
  mnemonic_dns: Sinkholed
  quad9: Sinkholed
(mnemonic_dns and quad9 are DNS-reputation analyzers, so their "Sinkholed" verdict most likely refers to the news70.net domain rather than to the bytes of this 32x32 JPEG; confirm against the domain-level record before treating the image itself as malicious.)
GET /wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-32x32.jpeg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:20 GMT
accept-ranges: bytes
content-length: 988
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:20 GMT
server: Apache
X-Firefox-Spdy: h2
news70.net/wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-192x192.jpeg
103.50.163.157 200 OK 6.4 kB URL HTTP/2 news70.net/wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-192x192.jpeg
IP 103.50.163.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3
- data
Hash MD5 247bc7252076950db1ad3a9abbf7f998
Hash SHA-1 e110a7d57ec018d938d6617b77b245366701ae88
Hash SHA-256 7af381e868049ba17c041bc6bf6da771d9208a48fbe9c3b28199bff7a941038c
Analyzer verdicts (alert):
  fortinet: Malware
  mnemonic_dns: Sinkholed
  quad9: Sinkholed
(mnemonic_dns and quad9 are DNS-reputation analyzers, so their "Sinkholed" verdict most likely refers to the news70.net domain rather than to the bytes of this 192x192 JPEG; confirm against the domain-level record before treating the image itself as malicious.)
GET /wp-content/uploads/2019/03/cropped-WhatsApp-Image-2019-03-26-at-7.30.31-PM-192x192.jpeg HTTP/1.1
Host: news70.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Oct 2022 23:51:20 GMT
accept-ranges: bytes
content-length: 6351
content-type: image/jpeg
date: Thu, 17 Nov 2022 19:36:20 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9656cbd-d5f9-46cc-bec6-bcc983e12c29.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9656cbd-d5f9-46cc-bec6-bcc983e12c29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash MD5 a1be294b5a3b2e68e8d9f9e0441ca04c
Hash SHA-1 d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505
Hash SHA-256 e7db15087e8012e37ccf50c6c86db5c7d6d9826439268b7f17d970229a3acba5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9656cbd-d5f9-46cc-bec6-bcc983e12c29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6134
x-amzn-requestid: 00909d7b-f5dd-4f73-932b-81f2aa689732
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: baqH0H_4IAMF6hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636dbd65-155b471f41ef040d4dd3033b;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 03:11:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Yxi3VDlH4PjKot8LJv9kzBlzS-6M0km9zUmGfbcVKACeZRFRa88rVA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:47:43 GMT
age: 42521
etag: "d3fe8f965ee69f3ecd08dfa34e14dcd7d7eed505"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Cambo&family=Fira+Sans:wght@400;500&family=Roboto:wght@400;500&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Cambo&family=Fira+Sans:wght@400;500&family=Roboto:wght@400;500&display=swap
IP 142.250.74.10:0
GET /css2?family=Cambo&family=Fira+Sans:wght@400;500&family=Roboto:wght@400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 17 Nov 2022 19:36:19 GMT
date: Thu, 17 Nov 2022 19:36:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
api.qrserver.com/v1/create-qr-code/?data=https%3A%2F%2Fnews70.net&size=200x200&format=png&margin=0&color=000000&bgcolor=ffffff
195.201.128.178 200 OK 0 B URL HTTP/2 api.qrserver.com/v1/create-qr-code/?data=https%3A%2F%2Fnews70.net&size=200x200&format=png&margin=0&color=000000&bgcolor=ffffff
IP 195.201.128.178:0
ASN #24940 Hetzner Online GmbH
GET /v1/create-qr-code/?data=https%3A%2F%2Fnews70.net&size=200x200&format=png&margin=0&color=000000&bgcolor=ffffff HTTP/1.1
Host: api.qrserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news70.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 17 Nov 2022 19:36:20 GMT
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-max-age: 7200
access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
142.250.74.46 200 OK 0 B URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
IP 142.250.74.46:0
GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://news70.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 17 Nov 2022 19:36:19 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+515; expires=Sat, 16-Nov-2024 19:36:19 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2