Report - mynewsj.com/news/uncategorized/

Report Overview

Submitted URL
mynewsj.com/news/uncategorized/
IP
172.67.159.13
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-26 21:50:50
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
70

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.8 kB	54.230.245.39
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.6 kB	59 kB	139.45.197.151
c.tmyzer.com	26868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	753 B	540 B	54.38.64.100
c.palama2.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	752 B	20 kB	104.21.11.254
borrowdefeat.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	760 B	35 kB	192.243.61.225
cmp.quantcast.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	150 kB	143.204.55.17
platform-api.sharethis.com	5118	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	596 B	143.204.55.106
mynewsj.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	798 B	1.5 kB	172.67.159.13
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
benumelan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.2 kB	161 kB	139.45.197.239
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	819 B	91 kB	104.22.32.172
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	61 kB	77.88.21.119
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	6.5 kB	93.184.220.29
l.sharethis.com	4794	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	729 B	396 B	52.29.39.53
test.cmp.quantcast.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	417 B	684 B	143.204.55.116
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
spl.zeotap.com	1638	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	792 B	22 kB	172.67.13.182
lb.eu-1-id5-sync.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	294 B	141.95.98.67
glimtors.net	168336	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	2.2 kB	139.45.197.251
inpagepush.com	78279	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	6.8 kB	139.45.197.237
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	846 B	192.243.61.227
buttons-config.sharethis.com	6006	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	1.1 kB	54.230.111.117
adtrack.adleadevent.com	30718	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	463 B	505 B	34.254.79.202
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	386 B	45.133.44.3
dnacdn.net	3760	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	634 B	178.250.2.146
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.2 kB	142.250.74.3
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.4 kB	104.18.21.226
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.2 kB	20 kB	23.36.76.226
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	930 B	34 kB	142.250.74.163
csm.fr.eu.criteo.net	6845	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	716 B	178.250.0.162
platform-cdn.sharethis.com	11841	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	8.7 kB	54.230.111.128
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
kvt.sddan.com	31914	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	498 B	604 B	51.158.28.83
creepingbrings.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	344 B	29 kB	172.64.128.12
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468 B	479 B	139.45.195.254
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	30 kB	139.45.197.236
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	24 kB	23.36.76.226
onetag-sys.com	1840	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	492 B	113 B	51.89.9.253
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	742 B	808 B	3.66.118.16
ced.sascdn.com	6332	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	351 B	33 kB	23.36.77.24
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	51 kB	34.120.237.76
quantcast.mgr.consensu.org	2151	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	645 B	143.204.55.17
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	327 B	192.243.59.20
wadmargincling.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	7.9 kB	192.243.59.12
ads.themoneytizer.com	28463	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	33 kB	185.76.9.25
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.223.168.227
dozubatan.com	33479	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	3.6 kB	139.45.197.237
script.4dex.io	2135	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	715 B	48 kB	172.67.75.241
gum.criteo.com	381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	47 kB	178.250.0.157
mwzeom.zeotap.com	1406	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	806 B	564 B	172.67.13.182
cdn.sb4you1.com	22321	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	74 kB	172.64.200.2
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	1.1 kB	139.45.197.234
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	919 B	1.5 kB	139.45.195.8
id5-sync.com	504	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	808 B	1.5 kB	162.19.138.117
cm.g.doubleclick.net	202	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	538 B	1.5 kB	142.250.74.34
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	1.4 kB	142.250.74.10
secure.quantserve.com	973	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	349 B	293 B	91.228.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-26	medium	glimtors.net/custom	Malware
2022-09-26	medium	glimtors.net/custom	Malware
2022-09-26	medium	glimtors.net/custom	Malware
2022-09-26	medium	wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdu73bjX0o1hgJpk1pFX3T2ZnZy5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YVW3a%2B99lEQXKytysz1a%2F24%2FXE7vFgzvTcX23X%2F9dq7gm3ohYYf%2BH7gB7VlaUSq%2BwsTEjK%2FtxjUF%2F162KgHrRB98%2F%2FZOg%2BWeuC9E%2FIsJB%2FPPfTOQ7IRsu43S8JuFDp%2F452uU7TQBj2%2B%2F0G2kekyQ3cGU%2BMhzfZP1dD2aPkBdLY3tQvd%2B0%2BYyDHxfniAJNs%2FNYmktzv1mSiIDAl%2FGmVvBKFGkHQEpm9C8iMCMI6ra8i6t69qU9LNJyydsGMy9%2FgRZDkmc7%2BeR9b9%2BrKS%2FdoNrVwhdWbRTyvI%2FgiyM0LuDlBsnYEsD8CKzyD5T2Th8Sqy7u6aVRqSH78asCgUcerPp3HcnA%2FDNp2nkfDn24kIeCNqtlgQTQOScgSZjqDEANSegbMenPTgUg8u99DlxzUWBEHkc0b9eJGxJo9E0uZ%2BQKM0oIHfjuHY5A0DFPkATA3AzDZys40NOYBx38OuV7Dcgy0IerxCKQhKS1BSglISlAVB2av2uLINW93myrokOO2N096shrro7NA9XXRERnbyE%2FLMNLhHrwhsiOOaaC6KNhdRHDZDEbVoHDQ4DWg7CtNY%2BI0GrKwg7RlQ62FLjslz5%2F9ALseEfPELEnoAqw7A5Eug7mXQchg1fND1YRj72MruZqK0ztZpnoPrCnkxh2LT21En5IWpi%2Fpf8xDskJwWmKmQmwqfyocEHXVreF2XZPe6Li25v5YXsiu36ORrbxS0EN7d98RmqQ1fWbKDO2%2BxCTGB994XtlilGZdZx5KvLkvOhVnWhgny7Yr9UCTXnF2%2F7Ezm8tVrby%2BvdHMjrJU6G4HKo3PnwOSYPPXjn9Odff7kRUgzgnEVum7mVOoDsHwbNj%2B89ElyZfz7nb9h9VkYNdMkuYfSVUPTSGaHShIoMZtpUsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cnBYS5Q0TZbzdRBn15ZNorTyuNX0eJSIVUSLCVpgKxpNWK%2FFZypImj2OGwo5Z48L9fwAAAP%2F%2FAQAA%2F%2F8CxBBTfgQAAA%3D%3D	Phishing
2022-09-26	medium	wadmargincling.com/pixel/sbs?c=1	Phishing
2022-09-26	medium	glimtors.net/custom	Malware
2022-09-26	medium	inpagepush.com/400/3156537	Malware
2022-09-26	medium	cdn.barscreative1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html	Phishing
2022-09-26	medium	glimtors.net/ntfc.php?p=3156533	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	glimtors.net	Sinkholed
2022-09-26	medium	glimtors.net	Sinkholed
2022-09-26	medium	borrowdefeat.com	Sinkholed
2022-09-26	medium	borrowdefeat.com	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	fleraprt.com	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	unphionetor.com	Sinkholed
2022-09-26	medium	unphionetor.com	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed
2022-09-26	medium	banquetunarmedgrater.com	Sinkholed
2022-09-26	medium	unphionetor.com	Sinkholed
2022-09-26	medium	wadmargincling.com	Sinkholed
2022-09-26	medium	glimtors.net	Sinkholed
2022-09-26	medium	wadmargincling.com	Sinkholed
2022-09-26	medium	wadmargincling.com	Sinkholed
2022-09-26	medium	unseenreport.com	Sinkholed
2022-09-26	medium	unseenreport.com	Sinkholed
2022-09-26	medium	wadmargincling.com	Sinkholed
2022-09-26	medium	wadmargincling.com	Sinkholed
2022-09-26	medium	glimtors.net	Sinkholed
2022-09-26	medium	glimtors.net	Sinkholed
2022-09-26	medium	benumelan.com	Sinkholed

JavaScript (59)

	URL	Size	First Seen	Last Seen
	dozubatan.com/400/4495524	80 kB	2023-03-08	2023-03-08
Pretty URL dozubatan.com/400/4495524 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:05:43 Last Seen2023-03-08 02:45:35 Times Seen1 Hash 532248f44d46213d65caf59c764c0b19 e3ec99a255e64c418a386bdad61d136eb6f75160 d3a56421d693d8a4cdcd73b2da3881170094945c0b39bee4a1595b525a2e2f3b Loading...

	mynewsj.com/news/uncategorized/	103 B	2023-03-08	2023-03-08
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 623f54255a8fc2b88bf96c2b47441ec0 2112d6b535a3394714f887f470045a94b79c5711 d1d8d2cddaa25ffbea03d251f3c5b61318da6a3873076f526c649d4062b1cf74 Loading...

	mynewsj.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2	19 kB	2023-03-07	2024-04-18
Pretty URL mynewsj.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-18 13:32:29 Times Seen37992 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	platform-api.sharethis.com/js/sharethis.js#property=61297b2724fac90012c3ba72&product=sticky-share-buttons	197 kB	2023-03-07	2023-10-17
Pretty URL platform-api.sharethis.com/js/sharethis.js#property=61297b2724fac90012c3ba72&product=sticky-share-buttons IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:31:56 Last Seen2023-10-17 08:15:44 Times Seen88 Hash 578cbb4ff616ce92efe36eeb51047647 d6d1fc33c4cd74a077f6a0039427477a206fd053 700ad5e597681fb45dfc74f05206ad9c2229a6c710c45b413842ddfe03ce4d50 Loading...

	gum.criteo.com/sync?c=147&r=2&j=criteoCallback	30 kB	2023-03-07	2023-03-26
Pretty URL gum.criteo.com/sync?c=147&r=2&j=criteoCallback IP 178.250.0.157 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:36:08 Last Seen2023-03-26 04:43:41 Times Seen35 Hash 80bfc02fde42033a0f48537690341313 268ee930484015bbbaf4f221a76d800bfba7f24d 259a03dd0fab544bf8564bacd97ad8562de81c929f00037a463f77fee3445fb0 Loading...

	mynewsj.com/wp-content/cache/autoptimize/js/autoptimize_41206c29efef87673b2fdc0a497899e3.js	21 kB	2023-03-08	2023-03-08
Pretty URL mynewsj.com/wp-content/cache/autoptimize/js/autoptimize_41206c29efef87673b2fdc0a497899e3.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash d5b12194c33540204cde8767c62ca8ed 0250fbf47c8cf78745d020e8b14e16abc3f2873f 3846cb27d0f9789cd3cd3bd714c4e1edfff55fbf24cf5d214ac44b58829620d0 Loading...

	c.palama2.com/j/m/i.js?v33333334344445345343353452	59 kB	2023-03-08	2023-05-26
Pretty URL c.palama2.com/j/m/i.js?v33333334344445345343353452 IP 104.21.11.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:23 Times Seen4 Hash 327866428e2ddf1609abbd3e1e5b0472 d279f974e4edbdc8ac3849b7638f7b273bc070cc ca6cb4c3cc1bedda7ddf786c0dac8b0c49c2f9abc594e690ea8b014d7b5bbddc Loading...

	tzegilo.com/stattag.js	33 kB	2023-03-07	2023-03-17
Pretty URL tzegilo.com/stattag.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:13:21 Last Seen2023-03-17 12:47:57 Times Seen1 Hash df875929410d71d763e9fa10b830bb2a b0711a8d2bf6ad4ffa4640534588b423f2ef7fec 0be796b658c6cee0d55aa164994d0d83f9ec7aa7ecf1eb41c1ddf208bba9e3b1 Loading...

	ced.sascdn.com/tag/1097/smart.js	97 kB	2023-03-07	2023-03-08
Pretty URL ced.sascdn.com/tag/1097/smart.js IP 23.36.77.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:54:39 Last Seen2023-03-08 02:55:36 Times Seen1 Hash 0b7478dc9ca7735cc62ac1626f4c36c2 db5632cd4b9d5f8ebe633ba3ff6a48a6a7681aed 06fb066aeda68a841e191f33b01f37871894ab6872fa2c1cd7911909aa9e63c7 Loading...

	mynewsj.com/x.js.php	6.8 kB	2023-03-08	2023-03-08
Pretty URL mynewsj.com/x.js.php IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash ea8210b5dd9a362b129fa28790c54c77 2a57236e9b68aac2072986d9e5b19eeced480346 3bf1cca3cc5fb26e48ebcfab9c751ae0dc360bdbb1c550e33017f0f54f4aa12d Loading...

	ads.themoneytizer.com/s/gen.js?type=6	5.3 kB	2023-03-07	2023-03-08
Pretty URL ads.themoneytizer.com/s/gen.js?type=6 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:28:25 Last Seen2023-03-08 02:55:36 Times Seen1 Hash 2eb5a546b1193006efcc08c9b9b09871 12aebaa1b34bdba2c462040f6d5c6696416956ca 7b46aba1ee74cff144116f904ca4ff92280dac5d1999513994e86d2025d46429 Loading...

	ads.themoneytizer.com/s/requestform.js?siteId=72287&formatId=6	46 kB	2023-03-08	2023-03-08
Pretty URL ads.themoneytizer.com/s/requestform.js?siteId=72287&formatId=6 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash e1c2c603ba4f88bf37dddf43353e3c4c 181384ebb4750677cf276facff7231fabb5000af f38189fc6a6be683c14cbe22ef4c739e373fef534efc24b8adc6f63e6ec1d2dc Loading...

	benumelan.com/1?z=3846473	8.6 kB	2023-03-08	2023-03-08
Pretty URL benumelan.com/1?z=3846473 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 7ce7158eab3bf1b15ef1e5a61697dbbe 10187c6bf5b44a25230e25f1893168a20a314651 31103195136661a8491169bd3573aaae8a6ac12eda439308408f7c945bd9459f Loading...

	c.palama2.com/j/m/u.js?v3333333233322222313123423434443234324311	56 kB	2023-03-08	2023-05-26
Pretty URL c.palama2.com/j/m/u.js?v3333333233322222313123423434443234324311 IP 104.21.11.254 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:23 Times Seen4 Hash dcdb2096e1b1329595d5f10495915b78 469d615e5e3b1c1ad8102fec9c8091a5826b6b47 8fe9a8e98897d721e299d3670b1de85eb1a50066e8c2604f97e7680742c081a8 Loading...

	mynewsj.com/news/uncategorized/	84 B	2023-03-07	2024-04-18
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-18 14:34:44 Times Seen2439 Hash 31370ae3f78a60279d29cd25e1eb8657 34f454d9855d2dc1d71ab7101bd7a04d1b0199bf 6682cf99413df38b7572d2f2eb9c549f33d2a52ceaa9c6a8ff723c02339380dc Loading...

	mynewsj.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=3.1.2	9.8 kB	2023-03-07	2024-04-18
Pretty URL mynewsj.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=3.1.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-18 14:34:45 Times Seen3414 Hash d1edbffbde50cd32ab770746b4140906 6e120f03a5ac9fddc25e7830d204b202721d8879 c4fada4accfa24704b54248bc5ce84acac50b6a059828b7714fe3006786c80c1 Loading...

	unphionetor.com/fv.js?t=72747&cb=792263956	5.2 kB	2023-03-07	2024-04-18
Pretty URL unphionetor.com/fv.js?t=72747&cb=792263956 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-18 08:55:45 Times Seen2352 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js	3.1 kB	2023-03-07	2023-08-07
Pretty URL quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js IP 143.204.55.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-08-07 10:36:38 Times Seen473 Hash c53bd785b1ee57b613221019d7d72626 2988b481a8bdaabbe162c5202c152bb10a402804 ad07c6b24e5575bc7fea432515d21d7ada9aeee0bdd5518b1d5fe24b98a091e3 Loading...

	ndc.mynewsj.com/xa.js?v21122222212222122222	63 kB	2023-03-08	2023-05-26
Pretty URL ndc.mynewsj.com/xa.js?v21122222212222122222 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:23 Times Seen4 Hash fe45492a786d41285fab5a194d21b5d0 eab49393d7fb50416b3d15fe275d1b4d02f46a5f ece3c1b17bf860d436e45c10287399c1b7d05a7aa206124687c4fd5fc3ccd5b2 Loading...

	interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.4 kB	2023-03-08	2023-03-08
Pretty URL interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 803b601fde99e2ac9899526d929eb4a9 c6a8f6188011f9f08873ed21a6f4225e5b756fe1 a089d78b56d06096cea2da1d68e140d361723b9f6d3b36e73938cc61ebf80923 Loading...

	mynewsj.com/news/uncategorized/	102 kB	2023-03-07	2023-03-08
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:39:59 Last Seen2023-03-08 02:29:44 Times Seen1 Hash 46fea135d8779c679c2d0706a22f08a3 5cd54121aef1c771b1bad8e8340e69cd52c81f6e ed9cf62d154e465aca23b89b91a888b5646d703d91072a8db940b6bf5026d285 Loading...

	borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js	59 kB	2023-03-08	2023-03-08
Pretty URL borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash fd1d74a52d8d8b6d1352e7ded815aeec 0b3da7655ca905d46aaec7b78cefb1c11342d761 7e01070621752422fb0fd9df3eec633fcd54f3d89f84d29a1aa4e11403923e46 Loading...

	cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com	181 kB	2023-03-07	2023-08-02
Pretty URL cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com IP 143.204.55.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-08-02 05:23:43 Times Seen353 Hash 9494b70738cd74c9137e65c29c0b1f3e e1b2253422988778d20f3a798ba44b568729b32a b628942e8ff712de0d166d8704f779bd3860800817549c8a375868977e117863 Loading...

	ads.themoneytizer.com/moneybile.js	39 kB	2023-03-07	2023-11-06
Pretty URL ads.themoneytizer.com/moneybile.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-11-06 07:20:59 Times Seen1830 Hash efe528f52c3d05d68794f3f0f8146a8e 577c01fdfae7dcc7e7d23009d74422f61b414783 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3 Loading...

	ads.themoneytizer.com/lib_fs_close.js	663 B	2023-03-07	2023-03-17
Pretty URL ads.themoneytizer.com/lib_fs_close.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:40 Last Seen2023-03-17 10:36:25 Times Seen1 Hash fa1c776343593addba6400fc327cf2b8 94e79768ce18214925ee560f14db407c145b0815 5906e88fb1c8b087fca2c1b1f751e831c19165952ea0e2b2ee066505ff1f41f3 Loading...

	mc.yandex.ru/metrika/watch.js	162 kB	2023-03-07	2023-03-08
Pretty URL mc.yandex.ru/metrika/watch.js IP 77.88.21.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:52:29 Last Seen2023-03-08 08:12:42 Times Seen1 Hash 590c382ea5bf868da7e7572f6bc7ec0f 62cb414297783e51d6a7d3cd444613865e8e62f2 3d2c19c70416e84216783738fae9623c624eb7049c401bd90b218f3f5646d7f3 Loading...

	http:blank	601 B	2023-03-08	2023-03-08
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 147b40161253620705676762a0520920 88f74cec99bdb223527758f4abdda82fc5161bfd 43e2ec7d810ac2fd61492c4c79659f15781303afde86e0e0e2bcb76dc43b4393 Loading...

	tag.leadplace.fr/libJsLP.js	5.5 kB	2023-03-07	2023-12-06
Pretty URL tag.leadplace.fr/libJsLP.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-12-06 11:11:01 Times Seen14646 Hash a0c24f993bc0901cfe62d1e801cb2b45 7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333 Loading...

	mynewsj.com/news/uncategorized/	241 B	2023-03-07	2024-04-17
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:03 Last Seen2024-04-17 02:46:21 Times Seen3078 Hash 6c92e8a437d52a3e2388f00fd52a69f9 1b25b6abf6e5a38db62f9a993c86fe26729c0f09 2af478968cfdba350d71cea6da37a73a0105a5b34eefb670d31b68e76233e051 Loading...

	borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js	37 kB	2023-03-08	2023-03-08
Pretty URL borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash a34c853ca4378a1f71ce5321006bff77 e5a2527d4ee6885a6f80be8276f21616f2e1969b 08b7bf24a6cbabfe466c12f24f666c1e71bc014b2bdf552d070f6b12d80d4390 Loading...

	inpagepush.com/400/3156537	82 kB	2023-03-08	2023-03-08
Pretty URL inpagepush.com/400/3156537 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 3076ba10c4d62b4b599e2c2e1cb3220a 3a12cfdb5e4fc4c13c84200d4e6a9461b49780bc 5e8db0890b1ad2c052d61799b339b462aaacafe07251e555f107901a20731019 Loading...

	mynewsj.com/news/uncategorized/	193 B	2023-03-08	2023-03-08
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 07:06:30 Times Seen1 Hash 710efe248dfbb4b66b1c6147040315a8 efc963a01e38fec77560f7bafd0f791de21855ef 4303b5a1d7bd7fce04e1a53194af7477fae9a1c2746feaab9c1aadcc02883156 Loading...

	benumelan.com/42/38?z=3846473	0 B	2023-03-07	2024-04-19
Pretty URL benumelan.com/42/38?z=3846473 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 07:14:42 Times Seen36954061 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	benumelan.com/tag.min.js	72 kB	2023-03-07	2023-03-08
Pretty URL benumelan.com/tag.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:57:49 Last Seen2023-03-08 03:00:48 Times Seen1 Hash 358577206ea5e0fe901c1d1a575ee1e2 f7c4551ad5da3008c4a7455610c9491c44800683 b8b180ddafc5463d3a58ae6643b320e0247aca1934c6073a8e54de784f32880a Loading...

	mynewsj.com/news/uncategorized/	344 B	2023-03-07	2024-04-18
Pretty URL mynewsj.com/news/uncategorized/ IP 172.67.159.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:03 Last Seen2024-04-18 09:29:30 Times Seen2940 Hash 8d7432543e755e52d556c531ec9886f4 d5a3e53a8fdbcd624fdf53ef89dc759ad9734dd0 3f0e896a7089d518e75c207fb23eb3af295005b900d2ad7ee86e898afa6b3739 Loading...

	glimtors.net/ntfc.php?p=3156533	14 kB	2023-03-07	2023-03-08
Pretty URL glimtors.net/ntfc.php?p=3156533 IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:43:32 Last Seen2023-03-08 02:22:15 Times Seen1 Hash 19f712bf0b902da15ff0ba2becd91573 27b91bc9edb9bf4c98326f9a6795f7ff44026bd3 87129a53a0bde18ca64110dd4634b035890a6529632daf55249fc877f87c9174 Loading...

	cmp.quantcast.com/tcfv2/42/cmp2ui-en.js	235 kB	2023-03-07	2023-05-05
Pretty URL cmp.quantcast.com/tcfv2/42/cmp2ui-en.js IP 143.204.55.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:28 Last Seen2023-05-05 05:44:01 Times Seen242 Hash 24932b3e61742029985961c24d35dbb7 43800361eb6ae7551d030808468a77a4f90be930 62a9ab66cac0afdced4732a27d4e2139d6975a0e92816f638c16d60a544faa2c Loading...

	buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js	457 B	2023-03-07	2023-03-08
Pretty URL buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js IP 54.230.111.117 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:07:19 Last Seen2023-03-08 07:06:30 Times Seen1 Hash 19378e5d0f5c381e523c93eae74ad890 5d6f7ea3d0b894a0f30ce0f1919b1d349f27e756 f67a2772e8a292d7d92eefccec94b7a029c43d08b21febb01b3ce1c32bd4d45a Loading...

	rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js	1.2 kB	2023-03-07	2023-03-17
Pretty URL rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-17 11:40:23 Times Seen1 Hash 552289573698eb75389ce036af4dd98e e4f68f8347d6941f2ebd9a8385edf58d875c2d64 c1a51f921893ae45dfba49e5799f1d8c21b5a1449592bfe3c04cae8d69d093a8 Loading...

	benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b	408 kB	2023-03-07	2023-03-08
Pretty URL benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:17:47 Last Seen2023-03-08 05:35:44 Times Seen1 Hash 7ab89f78b6aefbb5652eabbe8b71c1c6 f558db93cba76989a8daa5498bcb9f5357e892e4 296c8334bfec54e3a1a0772e1efe387735181b85d04557ac3befd33e69ce6640 Loading...

	d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js	26 kB	2023-03-07	2023-11-30
Pretty URL d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-11-30 03:07:33 Times Seen15813 Hash 8703fc9eead243fe2f47380e962d7fa2 3d9f707259112fa9ccdd1e676f00eadcff71906c b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	86 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-04-19 05:59:48 Times Seen22286 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	ads.themoneytizer.com/moneybid7_15/build_noconsent/dist/prebid.js	646 kB	2023-03-07	2023-03-08
Pretty URL ads.themoneytizer.com/moneybid7_15/build_noconsent/dist/prebid.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:40:02 Last Seen2023-03-08 07:06:30 Times Seen1 Hash 232950ccfff4a187bb70ecd6721399f2 818988580afce70f78924d696a6553709591187a 4c2eb37e685a04dd311996e95408d07b9a2367911a8b4ba84d865cb9866ceb99 Loading...

	script.4dex.io/localstore.js	483 B	2023-03-07	2024-03-04
Pretty URL script.4dex.io/localstore.js IP 172.67.75.241 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-03-04 13:07:26 Times Seen5600 Hash 922cffdd75f7192f75231d92684885aa 48ae21017844de388e0a32206a2691fa4c109669 e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389 Loading...

	secure.quantserve.com/quant.js	27 kB	2023-03-07	2023-03-17
Pretty URL secure.quantserve.com/quant.js IP 91.228.74.168 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:49:11 Last Seen2023-03-17 12:55:49 Times Seen1 Hash 78ddecc5281a6afd31e701cbc4607581 91f15c2f3080ddccb4aaddcbaceeb6cfc462771b 34686cba28b7d374710a0b8204ae2cbce77ced594bcac71bef4f5260a8d99745 Loading...

	benumelan.com/5/2632704	62 kB	2023-03-08	2023-03-08
Pretty URL benumelan.com/5/2632704 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 452bf2e6fb60fad1858c75a078eed828 ef1cac9a269283dbb7ceb33502b6aaf850f7f685 b57b72007fc7d0ceff6e551ddba4bbfd865ae36439035b86bd4732553ce2574a Loading...

	spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258	62 kB	2023-03-07	2023-03-26
Pretty URL spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258 IP 172.67.13.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-26 09:14:01 Times Seen2 Hash 2274941132e3cabeb06ba10635e091e1 eae64e2336d41f210e684d766bbc90752b67f25a 52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 39c5f28e1e210350b2c21f701b27a657	80 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 39c5f28e1e210350b2c21f701b27a657 f8fd53a04a91a3ec211a375b21ef11afc36eab54 eaf04f8c6c34b509f2dc20c36fbdf3b3a938bd6c06e41bb5517c7b9a6528fcc7 Loading...

		Size	First Seen	Last Seen
	#1 Write - b9a798aed08df79a5142affa318c3497	9 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:02:04 Last Seen2024-04-18 13:33:32 Times Seen2774 Hash b9a798aed08df79a5142affa318c3497 0c3b60ab45672b031ce7ef792359922ae4d7f640 6c9656210a0202719c1cc3f33bba512135c26bb8d970d2350552e75d257631ca Loading...

	#2 Write - 140b555a34690803ae74fb2316efbea4	175 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-03-08 02:01:14 Times Seen1 Hash 140b555a34690803ae74fb2316efbea4 d8cd269a12aa42cc2513488c227e925ffa9799b9 88fd16cf3e532ce9fca5f5f1e768ce6e2f5e0b3769586d56958cbe4b1da4d8fc Loading...

	#3 Write - 32562d7f606b089038a04c282a081273	220 B	2023-03-07	2023-05-26
Pretty Observations First Seen2023-03-07 22:07:19 Last Seen2023-05-26 18:32:22 Times Seen4 Hash 32562d7f606b089038a04c282a081273 a92904c58d5fa7ee71afd9ef0ef6ea87c733dd5c 7a3fca88bcd96184f5c96ff521d09e81552d637f0a2a24a5366a6f4a632858bd Loading...

	#4 Write - 8c9b3652d692a153bd2bb52e13ce6444	86 B	2023-03-08	2023-05-26
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:22 Times Seen4 Hash 8c9b3652d692a153bd2bb52e13ce6444 d992bcd09d6d51048988e0b152f28e793f5ed864 6740695f941c8f6be27b7e93052024c3bf72d4182873429131c36aa802e55ca3 Loading...

	#5 Write - 8f55c8ad1de2faaf9eb23aec42d47cf2	174 B	2023-03-07	2024-01-29
Pretty Observations First Seen2023-03-07 22:07:19 Last Seen2024-01-29 01:17:21 Times Seen7 Hash 8f55c8ad1de2faaf9eb23aec42d47cf2 8b793a8767200d9aba1ebe3f9f92d3f50d44961f 73bd868bd44351c5e98bc88ea6c04491496b8394fcb7ee1b1243f4bbb7869efa Loading...

	#6 Write - 5684865ba11112e3e74316042c3cbcce	119 B	2023-03-08	2023-05-26
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:22 Times Seen4 Hash 5684865ba11112e3e74316042c3cbcce 60bd997c34441d60ce42f78861e7e8a43276fb40 1feaaaa6b2381648be6ea43e76de3461823766b9ef28eae0b9e000ba597006bb Loading...

	#7 Write - 93b0a802d3254597757e6a22a0aa6d2b	44 B	2023-03-07	2024-01-29
Pretty Observations First Seen2023-03-07 22:07:19 Last Seen2024-01-29 01:17:21 Times Seen7 Hash 93b0a802d3254597757e6a22a0aa6d2b 8d6d519da0b63e587d4d543546858abe8f639e40 3243c9a6f72c785084369e7d1e75d55027909c738f429edb3a032fd149b9dd78 Loading...

	#8 Write - c5d803f3a434daae4e89c36d8215ae90	84 B	2023-03-07	2023-05-26
Pretty Observations First Seen2023-03-07 22:07:19 Last Seen2023-05-26 18:32:22 Times Seen4 Hash c5d803f3a434daae4e89c36d8215ae90 9415fdbce865a8cd3a6d9519c9625b4dc3256a32 5fb01a152290a0fec7ac789e644fe62cf6da6bcd28157f26d5c7047c1fca4552 Loading...

	#9 Write - 55300cf925f7b91cb0b7bc94d6998c59	110 B	2023-03-07	2023-05-26
Pretty Observations First Seen2023-03-07 22:07:19 Last Seen2023-05-26 18:32:22 Times Seen4 Hash 55300cf925f7b91cb0b7bc94d6998c59 abd8e6f38d9ec9475605c664f01dfd7ae89e7b2b ee30275b897afc6781469e9f6d81f3d756ab253fa87ce19562637d60d4cb4d6e Loading...

	#10 Write - 2958426ead222cea3a3a46f9c33fbcc2	126 B	2023-03-08	2023-05-26
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:22 Times Seen4 Hash 2958426ead222cea3a3a46f9c33fbcc2 66dfc5448ce4ec6387936973cbe40f51d1191d29 973fc06f34db84bd668e056ce3455a652e5c13a5ae82b6e6186641698f8b5c9e Loading...

	#11 Write - c51ce25f3d4effaaeed0d33d1cf0a15d	335 B	2023-03-08	2023-05-26
Pretty Observations First Seen2023-03-08 02:01:14 Last Seen2023-05-26 18:32:22 Times Seen4 Hash c51ce25f3d4effaaeed0d33d1cf0a15d e702d827b292d6115c3c9c65d8de616f920a72e3 ce77ffef33d0478dad58d886070e5ecf42d52fe14c06c512c99ed7ad87b9d64b Loading...

HTTP Transactions (166)

URL IP Response Size

mynewsj.com/news/uncategorized/

172.67.159.13

301 Moved Permanently

185 B

URL HTTP/1.1
mynewsj.com/news/uncategorized/
IP
172.67.159.13:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
185 B (185 bytes)
Hash
4c555068310076e85908835c721911f5
9ec990aabb4391e139034f68e5e657e0f1d0b74d
568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510

HTTP Headers

GET /news/uncategorized/ HTTP/1.1
Host: mynewsj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Sep 2022 21:50:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://mynewsj.com/news/uncategorized/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8KBjuErwbHZB3yberbM4%2B8D%2FnKUzrPxcAP0JbNoNkClT09BKOn3K1o3rwLzVrzBANmxJ54nrEQ%2FKRT7Zdm7maz8w9EGsfd3iRy9pBuHI%2BxKv8CFTjCqZbTqBgrwoMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 750f376199f8b4f3-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 21:15:22 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QL9ken6tf29S88ls6gdKINBGrPdL4Zs-Z7UC5ZdaCMveYIDmb0MkjA==
Age: 2116

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2887
Expires: Mon, 26 Sep 2022 22:38:45 GMT
Date: Mon, 26 Sep 2022 21:50:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1017811d25642601e984edc1676d118d
c177c4f7a897584bf91347fa4990c83d6bfd0321
f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9776
Expires: Tue, 27 Sep 2022 00:33:34 GMT
Date: Mon, 26 Sep 2022 21:50:38 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
e7a83245a1adefd871d5816e43276f77
1f6e432c5cdf26913bc4fc553fe274b1e97ba427
22155bd93b8fef3c0309167acd886d4c3f1b6f978473ca43f62bdfbc4c20877b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:38 GMT
Last-Modified: Mon, 26 Sep 2022 20:17:02 GMT
Server: ECS (amb/6B90)
X-Cache: HIT
Content-Length: 280

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: /cN9C9Q+tYKqCLS/ofjVvxuw3x8nY/1G2GiQp+cD9GpIs/U/3jxGvfAepUhDS900zz4B1bbF4G4=
x-amz-request-id: W612S8Q3F3WF95KJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 26 Sep 2022 21:48:55 GMT
age: 103
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
e7a83245a1adefd871d5816e43276f77
1f6e432c5cdf26913bc4fc553fe274b1e97ba427
22155bd93b8fef3c0309167acd886d4c3f1b6f978473ca43f62bdfbc4c20877b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5616
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:38 GMT
Last-Modified: Mon, 26 Sep 2022 20:17:02 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Mon, 26 Sep 2022 21:10:46 GMT
Expires: Mon, 26 Sep 2022 21:35:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hB02XFOVDEzPKngrqZnkVbqAp9g0OwixyFI09VMHGU9ExCG5laahrQ==
Age: 2393

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5adb7eb1d103eadeeafac36e663ffdd3
23b784388dd634fa736cd60aed71570661e73d02
5c95ba48bc342887b4f7ef697bd4def50f6f2f472f654169179e5ac44df883d9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6326
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:39 GMT
Last-Modified: Mon, 26 Sep 2022 20:05:13 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
3819e2d6124b3c4b6b1ace2c29087a12
4ba047656ff7a91c710a978461dc4c02acc2ddf1
bf588d1c6e86cda2c15f5515d2470be0c986bf66648a87c694338c98bf267386

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BF588D1C6E86CDA2C15F5515D2470BE0C986BF66648A87C694338C98BF267386"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14627
Expires: Tue, 27 Sep 2022 01:54:26 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

20 kB

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
20 kB (19852 bytes)
Hash
b65c39649a2e3383eaf5246380a193cb
8988645c6064ea5298867a37b9783642eabafbe4
0d1c024b49c1ce1caa490be8c9a9311e164c08890f1cd95229b1695341c95431

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BF588D1C6E86CDA2C15F5515D2470BE0C986BF66648A87C694338C98BF267386"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14627
Expires: Tue, 27 Sep 2022 01:54:26 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b562fab68292dda418c0849e1227251b
617de0e863ca6344fc0e49c893d1358231e539e1
3f9a58c4e37b0d2fcf6db079b7db70831b59230165e87bad75d959bf3883645d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3F9A58C4E37B0D2FCF6DB079B7DB70831B59230165E87BAD75D959BF3883645D"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7212
Expires: Mon, 26 Sep 2022 23:50:51 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
07de9293b936f7f1b41c9c681cd99fe0
441cf97b18a4cbba0f4f2f03378c9468f5310243
63911f626a355a71b707dcfcf2796ced79a70736576ac2c0ef2b3ed3e686b004

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63911F626A355A71B707DCFCF2796CED79A70736576AC2C0EF2B3ED3E686B004"
Last-Modified: Sat, 24 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3545
Expires: Mon, 26 Sep 2022 22:49:44 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4072bc63cf602e81786577bda0ab313f
93bd3450dabd4f12252e69a998774f334c86b00d
ba0193466768ad226262657258e95af14c1144b6b7694bcab2f4c9501fa67d82

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA0193466768AD226262657258E95AF14C1144B6B7694BCAB2F4C9501FA67D82"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11453
Expires: Tue, 27 Sep 2022 01:01:32 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4072bc63cf602e81786577bda0ab313f
93bd3450dabd4f12252e69a998774f334c86b00d
ba0193466768ad226262657258e95af14c1144b6b7694bcab2f4c9501fa67d82

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA0193466768AD226262657258E95AF14C1144B6B7694BCAB2F4C9501FA67D82"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11453
Expires: Tue, 27 Sep 2022 01:01:32 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
3819e2d6124b3c4b6b1ace2c29087a12
4ba047656ff7a91c710a978461dc4c02acc2ddf1
bf588d1c6e86cda2c15f5515d2470be0c986bf66648a87c694338c98bf267386

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BF588D1C6E86CDA2C15F5515D2470BE0C986BF66648A87C694338C98BF267386"
Last-Modified: Mon, 26 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14627
Expires: Tue, 27 Sep 2022 01:54:26 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

ads.themoneytizer.com/lib_fs_close.js

185.76.9.25

200 OK

1.0 kB

URL HTTP/2
ads.themoneytizer.com/lib_fs_close.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1025 bytes)
Hash
ea82537a136501c368cd05e48b1629be
8d966bbbb200639e9aa96521ea1179862ecb6acf
da53ad300168ab9e8a0a363d4ed3a4831d3ef60a1e39d1f76655dc25c9cfcfcf

HTTP Headers

GET /lib_fs_close.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
last-modified: Tue, 14 Jun 2022 12:21:22 GMT
etag: W/"62a87d42-297"
pragma: public
x-accel-expires: @1665201705
server: CDN77-Turbo
x-77-nzt: AblMCRTLrgj/hvoAAA
x-77-nzt-ray: CsPMJelCN6g
x-cache: HIT
x-age: 64134
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.223.168.227

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.223.168.227:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7BZSfV9LI2Rk8l0mdKdPIg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: th6faEWuB+ZUKvFA+aBDFQ47Zog=

benumelan.com/5/2632704

139.45.197.239

200 OK

24 kB

URL HTTP/2
benumelan.com/5/2632704
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
data
Size
24 kB (23703 bytes)
Hash
8fed6c92f2e8f6c1f1c16f8a4c513ed3
6741b54f796eb39281f42602c10c09eaa2a98bcf
db4376fd3de833bc533d7c55e8c9c2d11494217c3280384c75c47c7876cc95d1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /5/2632704 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
x-trace-id: 407a85cb92a730b7bbdc23bbbc0f1ea8
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:39 GMT; path=/; secure; SameSite=None
oaidts=1664229039; expires=Tue, 26 Sep 2023 21:50:39 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

172.67.13.182

200 OK

21 kB

URL HTTP/2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
172.67.13.182:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (50946), with LF, NEL line terminators
Size
21 kB (20937 bytes)
Hash
480a07c1e9c9c029fd008e943245910b
85cd5a7b48e4128d8a6be72683ae766e3f3819ae
07b8e93e06ea6ba4f732554e35ec445ad53e19f40fecb8827f5687f3904b9f92

HTTP Headers

GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://mynewsj.com
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f376958f30b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2

onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1664229037600

51.89.9.253

204 No Content

0 B

URL HTTP/2
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1664229037600
IP
51.89.9.253:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /usync/?pubId=2a897e3f18e6769&cb=1664229037600 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
463f306a176332c92d2d6a4fa36b64b9
a53467b23d85eef8fed082f6345c438c75e48573
8dd4d13e046e7d73224dbd668d963d2860f62ce7005f29b577afed55cdcf3bad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8DD4D13E046E7D73224DBD668D963D2860F62CE7005F29B577AFED55CDCF3BAD"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=887
Expires: Mon, 26 Sep 2022 22:05:26 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

c.tmyzer.com/c/?s=72287&f=6&fi=99

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=72287&f=6&fi=99
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=72287&f=6&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Sep 2022 21:50:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
geo: rbx
X-IPLB-Request-ID: 5B5A2A9A:B125_36264064:01BB_63321EAF_2072A1B9:1CAD4
X-IPLB-Instance: 38439

ads.themoneytizer.com/moneybile.js

185.76.9.25

200 OK

21 kB

URL HTTP/2
ads.themoneytizer.com/moneybile.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type
ASCII text, with very long lines (33237)
Size
21 kB (21420 bytes)
Hash
039f44f64776ab105e811c5a043d460a
7ca184452d406cc6a40829bbf130bf2b28414289
0ddcc437d883e716cae47013b618f3712443ae5498347dbfcbdb43f07d6a2d21

HTTP Headers

GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Tue, 27 Sep 2022 04:01:39 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1664251299
server: CDN77-Turbo
x-77-nzt: AblMCRQ2amz/jPoAAA
x-77-nzt-ray: VErBgRUmzDg
x-cache: HIT
x-age: 64140
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

c.tmyzer.com/c/?s=72287&f=6&fi=0

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=72287&f=6&fi=0
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=72287&f=6&fi=0 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Sep 2022 21:50:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:B125_36264064:01BB_63321EAF_2072A1C0:1CAD4
X-IPLB-Instance: 38439

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfdc1b35b402b4b9d57417f5fb7a4f93
2ca3e24c775984ff6c1e98a51c7e17fa7fa51602
7b0119c5ae9f3e5d1baa10bbfae336a3654742bbb23051f2bb27911c12b9ce8b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B0119C5AE9F3E5D1BAA10BBFAE336A3654742BBB23051F2BB27911C12B9CE8B"
Last-Modified: Sat, 24 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14481
Expires: Tue, 27 Sep 2022 01:52:00 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
c06ba34d3e6ff99e38e2ca69da6fff6e
e3c50f87bb6cb268fec80010d1cffb5475998519
27a7b653c0547e234631c712eda8e64d860b2ca8ca162d9374fabcc8ed263d9a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:39 GMT
Last-Modified: Mon, 26 Sep 2022 20:10:02 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 21:50:39 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=548678,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750f3769dbefb4f3-OSL

my.rtmark.net/gid.js?userId=b88a4e81819d491b8c8d2cb7f6079214

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=b88a4e81819d491b8c8d2cb7f6079214
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
258389529839cfa751e803473102b174
bd81436a157f725b87eb00d82c214248b18d8972
6d2f306cb601fc19344109aed133641586448dc01bd3bda603f094ca625844bd

HTTP Headers

GET /gid.js?userId=b88a4e81819d491b8c8d2cb7f6079214 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

c.palama2.com/j/m/u.js?v3333333233322222313123423434443234324311

104.21.11.254

200 OK

18 kB

URL HTTP/2
c.palama2.com/j/m/u.js?v3333333233322222313123423434443234324311
IP
104.21.11.254:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (55511), with no line terminators
Size
18 kB (17971 bytes)
Hash
4e69f8d1f7887d38ab2797457d1444b6
e5547ddb15c01d1e0567e91c8dbb01a59aec820b
78a666f52e92d5e0c2059e4464dd78ac0a2fd7cad1241e775e171cb960444735

HTTP Headers

GET /j/m/u.js?v3333333233322222313123423434443234324311 HTTP/1.1
Host: c.palama2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 21 Sep 2022 11:05:19 GMT
etag: W/"632aefef-d8d7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 465177
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPMkG7TOnLG7XdvkvZEMomQ9vJa2TiuqcJbYcgviHA4v6CbjzVlNyvWB%2B76omdExzVD1zJwmT5x%2BTPcdrNIiiNYPjP%2FLX99SvYesKXWfPoGLjoEeQpSHlr3Wb%2FiXKe4L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f37684dc9b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
17906157d222f6aed3a9ffb07789e4ef
5a4fa70bcb8138fd4b542462c4e272cb25699b0f
8d6f39f2007d3e0b5dd1e31ecedc2dbcf6e7fcda749f857d3ce52e02da3c660a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:39 GMT
Last-Modified: Mon, 26 Sep 2022 20:34:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313

glimtors.net/custom

139.45.197.251

200 OK

0 B

URL HTTP/2
glimtors.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
39714a884a2080d869920060b9e340b3
103e46ae596096d05232eb882095b87b2e3e8f39
69fb243f7220f17d4b34bb26cc6632d2bc107ee755fa90e123f26a2ef89c69dd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "69FB243F7220F17D4B34BB26CC6632D2BC107EE755FA90E123F26A2EF89C69DD"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9421
Expires: Tue, 27 Sep 2022 00:27:40 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
17906157d222f6aed3a9ffb07789e4ef
5a4fa70bcb8138fd4b542462c4e272cb25699b0f
8d6f39f2007d3e0b5dd1e31ecedc2dbcf6e7fcda749f857d3ce52e02da3c660a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:39 GMT
Last-Modified: Mon, 26 Sep 2022 20:34:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d07e41da019262c812cb8202da87ee45
e528da89590e34167b5704d47eab613e45f5140f
2d0434e760ca32bb9567df9fcbc964f157983c86e85a63895db9436847ca16f7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D0434E760CA32BB9567DF9FCBC964F157983C86E85A63895DB9436847CA16F7"
Last-Modified: Sun, 25 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9263
Expires: Tue, 27 Sep 2022 00:25:02 GMT
Date: Mon, 26 Sep 2022 21:50:39 GMT
Connection: keep-alive

ads.themoneytizer.com/s/requestform.js?siteId=72287&formatId=6

185.76.9.25

200 OK

9.0 kB

URL HTTP/2
ads.themoneytizer.com/s/requestform.js?siteId=72287&formatId=6
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type
ASCII text, with very long lines (459)
Size
9.0 kB (8993 bytes)
Hash
0aa7e770ec97fc4cd83a4d960d94761f
dd125e772150ed02e2094b19202564242236254d
6d316848600caf18b3a12d17be1b1d99166cd174d01fdf26ef734e3cf2426b38

HTTP Headers

GET /s/requestform.js?siteId=72287&formatId=6 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
x-accel-expires: @1664315439
server: CDN77-Turbo
x-77-nzt: AblMCRQcRKCh
x-77-nzt-ray: 3eEpxMyzCNw
x-cache: MISS
x-77-pop: stockholmSE
x-77-cache: MISS
content-encoding: br
X-Firefox-Spdy: h2

glimtors.net/custom

139.45.197.251

200 OK

39 B

URL HTTP/2
glimtors.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Content-Type: application/json
Origin: https://mynewsj.com
Content-Length: 378
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e428245fedbc4bf3af4afdbeaf7dd1ca
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

id5-sync.com/api/config/prebid

162.19.138.117

200

134 B

URL HTTP/1.1
id5-sync.com/api/config/prebid
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1

HTTP Headers

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 26 Sep 2022 21:50:39 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

kvt.sddan.com/api/v1/public/p/29567/d/50/s?callback=&gdpr=&gdpr_consent=&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F

51.158.28.83

200 OK

118 B

URL HTTP/1.1
kvt.sddan.com/api/v1/public/p/29567/d/50/s?callback=&gdpr=&gdpr_consent=&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F
IP
51.158.28.83:0
ASN
#12876 Online S.a.s.

File type
JSON data\012- , ASCII text, with very long lines (317), with no line terminators
Size
118 B (118 bytes)
Hash
350908fb75d72054dbfb7a637c6f567a
5014c5a3885141633ce05e86424d4f21a1f3ef44
c368901d92f3ab884788033b4863b060053affe897a504901430c7e9c5970d20

HTTP Headers

GET /api/v1/public/p/29567/d/50/s?callback=&gdpr=&gdpr_consent=&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F HTTP/1.1
Host: kvt.sddan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 26 Sep 2022 21:50:39 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: https://mynewsj.com
Cache-Control: private, max-age=60
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
913c61d083eb3043c5860e5de0ff263e
650b8fb90c1ae31ba7343d157461a2d8f77ee41a
59287ca88d16f6883014c0424e1b9f5fa90b33a606115b2a622c234e121b4157

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59287CA88D16F6883014C0424E1B9F5FA90B33A606115B2A622C234E121B4157"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9097
Expires: Tue, 27 Sep 2022 00:22:17 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

lb.eu-1-id5-sync.com/lb/v1

141.95.98.67

200

33 B

URL HTTP/1.1
lb.eu-1-id5-sync.com/lb/v1
IP
141.95.98.67:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
22a78a33628a209bbec05f4c87c2a5c2
cc439fc604814f474cf692a65cfdc8bee6d3e828
2974a7e03c9cb17f049c3d839bf7c5868334f86892bb383f83693b564ba7f1d9

HTTP Headers

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://mynewsj.com
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 26 Sep 2022 21:50:39 GMT

borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js

192.243.61.225

200 OK

20 kB

URL HTTP/1.1
borrowdefeat.com/16/63/45/16634562c53f547c47deb1db0259b76a.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (59381), with no line terminators
Size
20 kB (20323 bytes)
Hash
a63ed3884191b248cb33e0d1e61bb09c
8569e62fb350984d2fabe62cc11efaf789201d45
de3778541f23cfc0de0ffaed5c86904bd484f3053d510eeaca945f46ae3b032b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /16/63/45/16634562c53f547c47deb1db0259b76a.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:50:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 716123f88fdd72c0aa370f8443ba1997
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js

192.243.61.225

200 OK

13 kB

URL HTTP/1.1
borrowdefeat.com/e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37118), with no line terminators
Size
13 kB (13396 bytes)
Hash
3b64901856d1f796bbe13d6d8eaba85f
2e662c60616e5830a626c888b692ec20db00b753
6e4637d7a45dd6a8afc185bf9a8d899ed6e1305ef36828c905202fc85f528728

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /e3/9e/6d/e39e6de78434e75a812da1a674f8e022.js HTTP/1.1
Host: borrowdefeat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:50:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b0eb59f8634f790a81c01bbe45330b02
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
470c3c3d2ebfbe6d7773c0191b7b978c
9d0f430c8d9b85d91e326317eba71c14e1b6d53d
672008d20d4594fef781c0f8dc413a0c5c33db1470b3c84774fde2c85e1b6058

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "672008D20D4594FEF781C0F8DC413A0C5C33DB1470B3C84774FDE2C85E1B6058"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5413
Expires: Mon, 26 Sep 2022 23:20:53 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

dozubatan.com/400/4495524?oo=1&oaid=b88a4e81819d491b8c8d2cb7f6079214

139.45.197.237

200 OK

999 B

URL HTTP/2
dozubatan.com/400/4495524?oo=1&oaid=b88a4e81819d491b8c8d2cb7f6079214
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
999 B (999 bytes)
Hash
a4b333ae03466ba22afe2cc153464647
074f9b09d4a70bf2d8b8fe1c86e640ac8de8a2b0
fed7dce2ce5113fa833e0bf311b64aa5975f8d1ff216454cb2bae746e064df3a

HTTP Headers

GET /400/4495524?oo=1&oaid=b88a4e81819d491b8c8d2cb7f6079214 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=a413563f5a654b1bbdd83282cd3fc823
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/json
x-trace-id: f0f2d0c5420173759bc2d4495810c9ad
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://mynewsj.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

script.4dex.io/localstore.js

172.67.75.241

200 OK

23 kB

URL HTTP/2
script.4dex.io/localstore.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (482)
Size
23 kB (23256 bytes)
Hash
528a797dd3a1c6b76c5ca35755d888cb
82729178006fb8f67bc31178ba6b05f61134bb05
8b5b88754faec08cae0cc999a830e0a6f6a3d6f875c3fb0636e2a3d15cfc483f

HTTP Headers

GET /localstore.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
x-amz-id-2: txac4c56ce13c94b3e8f3f6-0063316a9c
last-modified: Mon, 26 Sep 2022 09:01:16 GMT
etag: W/"922cffdd75f7192f75231d92684885aa"
cache-control: public, max-age=1800
x-amz-version-id: 1664182876788516
x-amz-request-id: txac4c56ce13c94b3e8f3f6-0063316a9c
cf-cache-status: HIT
age: 46098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3uEbSIu7r7V92U9eYGAUvrZ%2Bpx3F8fsyhTw1zXAhdIgw%2BpgJJLw3vz177wG7YEP6IVrtXmqlNr7S07KDzRU2zMcxaH3nGf03NVVt%2B%2BcaF8MJNRVf2lUM7lqzIoIOt6dA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f376b3cc50b02-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
18e63e03996c64ae5798541fbfd9fd15
9cf14a22e5eff72ca9f8f8f2d159622f47c592e3
488d4f9856a4a2315d9d63feaff435a480a35f1e3707f7c8f1e88941d9ebc938

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2230
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:40 GMT
Last-Modified: Mon, 26 Sep 2022 21:13:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

benumelan.com/42/38?z=3846473

139.45.197.239

200 OK

0 B

URL HTTP/2
benumelan.com/42/38?z=3846473
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /42/38?z=3846473 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=9019c06fa7bf492e9a09448e8a2fbd77; oaidts=1664229039; scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c7b55bb5f48ed8045f7865212128ccbf
access-control-expose-headers: X-Sc
set-cookie: OAID=9019c06fa7bf492e9a09448e8a2fbd77; expires=Tue, 26 Sep 2023 21:50:40 GMT; secure; SameSite=None
oaidts=1664229039; expires=Tue, 26 Sep 2023 21:50:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ee09b6ab7cfd6fb00b3abacbba58e7bc
4903c09b843081d2e873e272515d2ac8751a0461
92828a32c13bba32c5986661a9570f69f67020c43f452302d7501f159905b731

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 21:50:40 GMT
Last-Modified: Mon, 26 Sep 2022 21:46:50 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: d1-16lD93ZVTik36ZIQ2QHBu4VK4wZdRbpzpRRrg8xn38uYs_vmU4w==
Age: 231

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ee09b6ab7cfd6fb00b3abacbba58e7bc
4903c09b843081d2e873e272515d2ac8751a0461
92828a32c13bba32c5986661a9570f69f67020c43f452302d7501f159905b731

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 21:50:40 GMT
Last-Modified: Mon, 26 Sep 2022 21:33:35 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kME8LUidu4roEeVfdcCjNjno_oGYECb_0wyybEz_n-l2L7c2_QRLMg==
Age: 1025

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
0316f0c689d8e865ad6b83ef26277056
ac1999271f93ac45dfd3c89cf2b7e66bc36321b4
1ee1f684dfdaddbd0b07a6a6f9ad38d3430065daeaf835352722c5a088296c25

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6200
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:40 GMT
Last-Modified: Mon, 26 Sep 2022 20:07:20 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 312

simplewebanalysis.com/stats

3.66.118.16

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.66.118.16:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
9a5570918fb5e1b141ad4d46a692e5e3
23cffb895fb32e2423d5b77a323173fb22e1959a
aa05a2720afdf2e843575bde4de41b489e0da91e0fd2549b061b4f09ce82ce77

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
set-cookie: uid_id2=fade8ed4-91e5-40da-b9d4-bf00703688ff:3:1; expires=Thu, 23 Sep 2032 21:50:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=qJeejF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQkFFU2h4RVA2Y3NRYlF1OEtlTVRFN1dCakpFJTJGU0VleWdnVCUyRlVDa3Qzb2Q; expires=Sat, 21 Oct 2023 21:50:40 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://mynewsj.com
server-processing-duration-in-ticks: 254488
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

3.66.118.16

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.66.118.16:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
cb7b6d80952f63d361847029b012c1cf
e19dd917c289f0a2126a9246c55c89e6f1273618
1c7b4cc09454cec47c3b07e9322ee2d34afdc4aaa1888cc56d15242565df9bb6

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
set-cookie: uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; expires=Thu, 23 Sep 2032 21:50:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b

139.45.197.239

200 OK

132 kB

URL HTTP/2
benumelan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type
data
Size
132 kB (131591 bytes)
Hash
e56e7669b3414831e1649e388e945562
72309fa6f1cd6ef3a21b7f9c2e564a03ac4db523
95dbbf38f7dda8d4979245fd0ab1e30eeea56be78bb6f124ea18fa8ea9154f12

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=9019c06fa7bf492e9a09448e8a2fbd77; oaidts=1664229039; scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 21:50:40 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=528698,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 750f376dba22b511-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
18e63e03996c64ae5798541fbfd9fd15
9cf14a22e5eff72ca9f8f8f2d159622f47c592e3
488d4f9856a4a2315d9d63feaff435a480a35f1e3707f7c8f1e88941d9ebc938

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2230
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:40 GMT
Last-Modified: Mon, 26 Sep 2022 21:13:30 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://mynewsj.com
Content-Length: 1527
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 26 Sep 2022 21:50:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://mynewsj.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
348b8e9ff9789e9d04b35565f1f4a16e
a389fe1e390d2177191f58967c5291e9fcf8fea9
42393bbebc5bda5422c410adb413ddebf976d70fea8ca3ae50bd8dfddee645df

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "42393BBEBC5BDA5422C410ADB413DDEBF976D70FEA8CA3AE50BD8DFDDEE645DF"
Last-Modified: Sun, 25 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20413
Expires: Tue, 27 Sep 2022 03:30:53 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

benumelan.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b88a4e81819d491b8c8d2cb7f6079214

139.45.197.239

204 No Content

0 B

URL HTTP/2
benumelan.com/9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b88a4e81819d491b8c8d2cb7f6079214
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=3846473&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=b88a4e81819d491b8c8d2cb7f6079214 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

dozubatan.com/500/4495524?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/500/4495524?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4495524?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e5972f9f6fc0be929a64913dea312cee
33349fdbac15f6ff221faec8544fcd12f89d2b72
e2e6e877fb44749adab6bf278a92c25f32d7212d12825246cd0110a2fce820bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2E6E877FB44749ADAB6BF278A92C25F32D7212D12825246CD0110A2FCE820BB"
Last-Modified: Mon, 26 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13925
Expires: Tue, 27 Sep 2022 01:42:45 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

inpagepush.com/500/3156537?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

4.9 kB

URL HTTP/2
inpagepush.com/500/3156537?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
4.9 kB (4875 bytes)
Hash
5d2ce4876369c17cff650568cb180c91
383c99b795059d6f23d4c458c492742d5923ac60
3d94bff5d1a808f832e094d95f5b72b423263e84989395e9dcc894ac72adf92c

HTTP Headers

OPTIONS /500/3156537?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

benumelan.com/11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=164

139.45.197.239

200 OK

0 B

URL HTTP/2
benumelan.com/11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=164
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=164 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; oaidts=1664229039; scm=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: ea95fb84b6ad9555c6998ad55977d14e
access-control-expose-headers: X-Sc
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:40 GMT; secure; SameSite=None
oaidts=1664229039; expires=Tue, 26 Sep 2023 21:50:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dabad6b7764060bb8686bc897cf22c19
bf654d2b96cfdce51abadf5772fdb427f3daaba7
ed0c5939d632a76390de65605121bc06c85d635cfd2f6b937368625030c2ff07

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED0C5939D632A76390DE65605121BC06C85D635CFD2F6B937368625030C2FF07"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13881
Expires: Tue, 27 Sep 2022 01:42:01 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

script.4dex.io/adagio.js

172.67.75.241

200 OK

23 kB

URL HTTP/2
script.4dex.io/adagio.js
IP
172.67.75.241:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65354)
Size
23 kB (22599 bytes)
Hash
deab6b9a15d1b31da7a9e3d1fff757b3
878b39f11e54be3fecf3d05822c9979986b889b9
293dac1bf1d6c1abfa53f1517f33cf65c9bb810ec4cf81d350b59ec4e068c30c

HTTP Headers

GET /adagio.js HTTP/1.1
Host: script.4dex.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
access-control-allow-headers: Authorization
access-control-max-age: 3000
x-amz-id-2: txc23635d5c38c4a339b9ad-0063317fb4
access-control-allow-credentials: true
x-amz-request-id: txc23635d5c38c4a339b9ad-0063317fb4
last-modified: Mon, 26 Sep 2022 09:01:16 GMT
etag: W/"def38d7482d5ca96063df889ba7bcc30"
cache-control: public, max-age=1800
x-amz-version-id: 1664182876082916
access-control-allow-methods: GET
access-control-allow-origin: *
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KR4%2FSpM4TSuP%2BV17phE%2BmUySeLFbXpjpWZHA1QWfK6S4OcGpzlk%2BYdbqu9MpDP7UZ2fQzv6kEFIzvsxYjgk9VDhrSDGf02vQLxkPEJAjmnXFsexR5vHWNvVGVuwWeGgt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f376b9a301c06-OSL
content-encoding: br
X-Firefox-Spdy: h2

offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg

104.22.32.172

200 OK

13 kB

URL HTTP/2
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13449 bytes)
Hash
375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b

HTTP Headers

GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b480-3489"
expires: Tue, 27 Sep 2022 13:38:20 GMT
last-modified: Wed, 16 Mar 2022 09:57:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 29540
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f37718f9f95eb-ARN
X-Firefox-Spdy: h2

offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png

104.22.32.172

200 OK

76 kB

URL HTTP/2
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
76 kB (76281 bytes)
Hash
a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c

HTTP Headers

GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Mon, 26 Sep 2022 22:10:19 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 85221
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f3771afb595eb-ARN
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6042
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.151

200 OK

3.4 kB

URL HTTP/2
interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
data
Size
3.4 kB (3408 bytes)
Hash
5733595ae7e1bb51d36f13f3cdd8a1b2
c33f4333d3fa99dbaf1627efbf661e421d5254b9
8766fd9442094942c362bf5e9e82e5634c3b68c66ab46ab355c405b1ade8c330

HTTP Headers

GET /?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=KOcWePTVPapqen-U6kmJ3s3UzQNf7gRK57f3TQb18IA; expires=Mon, 26-Sep-2022 22:50:40 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2

creepingbrings.com/sfp.js

172.64.128.12

200 OK

28 kB

URL HTTP/2
creepingbrings.com/sfp.js
IP
172.64.128.12:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27622 bytes)
Hash
725405ac12f6f8a2c5dea96b907cc076
8582111d92a21afba58ba2ebef2532cf0fcdd347
f16d88e44658b9c58f2fa9a91077412b2e815b1e54359c44938a2246e902dc46

HTTP Headers

GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 483acfc9f757d97903a1e75d4b318b84
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 26 Sep 2022 21:50:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FihmRhq9Ddutf2kW1vP6ayuLLQzheKVS7ofaISPJv3J46sGVsNoX8AD%2B57YRq%2BvRUfT%2B73%2B1%2Bi%2BBPxbNzGAJKHvnot9ZJodoLcSqgJ6u0gQSnGrLSZrfamisZrhoascb6uU51I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f376e0b6ff42b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6042
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6042
Expires: Mon, 26 Sep 2022 23:31:22 GMT
Date: Mon, 26 Sep 2022 21:50:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qvSIyV7uvUzXFn6Sw3izoZxQoFbmyRzQ9WKl33D7fNTcuV6WXTzD9Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 05:01:28 GMT
age: 60552
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5157 bytes)
Hash
2fe8c4f0c70fb6c1f4259eabedc7015e
85e378d0fff856832a8dd01743516b9476fed8c6
508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 85224
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11728 bytes)
Hash
968b9c138702fb5994d1d9eab1a697fa
9660bb2d38079182efbd11d7a687bfc7f9d30751
5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H4KXhBaRw3SvzBrbl30mV6R_vJ8bXBkyicb8fQiTp6YSBHjE8iFkNQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:49:56 GMT
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
content-type: image/jpeg
age: 82844
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8637 bytes)
Hash
d02ede0c964f3346fd53ae2950bf2a62
e49306a3713cb724be024a4ddb5e90645718a718
c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HCJ483GPdpPhC7oYm1GrA02BqqST9sfqfCBSA93rZqaQYl-jezgP5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:20:40 GMT
age: 84600
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1

178.250.0.157

200 OK

6.0 kB

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
6.0 kB (6002 bytes)
Hash
955587e297de6ebc64bbe8dbdc70cce9
25538589d8d3ee295d79d594f4aab6d3824ab06b
a97efbc58b35d5f0f6cf55b485ad2fdedb3eebfb0bd3616e9a72dba595f2c2e5

HTTP Headers

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://mynewsj.com
server-processing-duration-in-ticks: 452065
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10318 bytes)
Hash
a90590f26bae9ad9e95ffdfbfb7dd21d
cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:02:10 GMT
age: 85710
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg

139.45.197.151

200 OK

19 kB

URL HTTP/2
interstitial-07.com/contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
19 kB (19158 bytes)
Hash
591887696d730a6449b8b7387d630f8c
6d3270da32d09e8456956eb63a22f4ddb8c7d1d1
bc664179d3ed921f7a6c959a125faf1cb25a03de68f0b19adf80c92560d0bae4

HTTP Headers

GET /contents/s/59/18/87/696d730a6449b8b7387d630f8c/01605255030712.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: image/jpeg
content-length: 19158
last-modified: Tue, 10 May 2022 15:13:46 GMT
etag: "627a812a-4ad6"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d3ea37777b24ad3132f8bc92164c608e
5701e444a0be8384b9e5e6e04b0c53d5753f638a
167cf989b2eb81bfcba5079d5216c0d83a019938bf47c8b67cbf633fc0070e4b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "167CF989B2EB81BFCBA5079D5216C0D83A019938BF47C8B67CBF633FC0070E4B"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1961
Expires: Mon, 26 Sep 2022 22:23:22 GMT
Date: Mon, 26 Sep 2022 21:50:41 GMT
Connection: keep-alive

interstitial-07.com/contents/s/82/c2/98/967e4b350bb719ede4040f63f0/0955806248559.jpeg

139.45.197.151

200 OK

35 kB

URL HTTP/2
interstitial-07.com/contents/s/82/c2/98/967e4b350bb719ede4040f63f0/0955806248559.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
data
Size
35 kB (34759 bytes)
Hash
3fe431688f37a64a24b715eb4f875d2f
2d9af4ed7706d76e9480cbab17c509f621485d3e
adc658b66ad110e4faef44c5f88eb3a36d70b62e3d41df1b81e21460bdd42707

HTTP Headers

GET /contents/s/82/c2/98/967e4b350bb719ede4040f63f0/0955806248559.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=p8NYtlbFpV62T4w&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fbenumelan.com%2F12%3Frnd%3D3878966887%26z%3D3846473%26b%3D14566424%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DK82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D5733d763-4657-4181-add8-86e88a28cc3c%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fmynewsj.com%252Fnews%252Funcategorized%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: image/jpeg
content-length: 32256
last-modified: Tue, 10 May 2022 15:13:44 GMT
etag: "627a8128-7e00"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f0572919e89ef775d2faafdfee0b86db
1cd16614b2fb1f488f49d4cf9686d9b2591a741c
d6a578b97b79ce7801dbf11f1324b4d67fa269216713f3641dd8199c6b329cec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6A578B97B79CE7801DBF11F1324B4D67FA269216713F3641DD8199C6B329CEC"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6845
Expires: Mon, 26 Sep 2022 23:44:46 GMT
Date: Mon, 26 Sep 2022 21:50:41 GMT
Connection: keep-alive

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 26 Sep 2022 21:50:41 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 5c440bbe41493ea1a235253c6fa96fc4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=792263956

139.45.197.236

200 OK

28 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=792263956
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
data
Size
28 kB (27857 bytes)
Hash
f7e3d7214584787bbf68d42f753631a2
99b0ff3796984a5001c657cb3f9b6fec1d59f95a
0c928c2688dc84a41641a8c551fd42c9435ec2584812dfd1e0fa32299e6b4a19

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=792263956 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:41 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 09995359f9ae1e4d8f12b943dc6070a3
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ced.sascdn.com/tag/1097/smart.js

23.36.77.24

200 OK

32 kB

URL HTTP/1.1
ced.sascdn.com/tag/1097/smart.js
IP
23.36.77.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
32 kB (32487 bytes)
Hash
be0bdd24329bd53a547db353696d08b2
1a41bc8c58e4ec707b74d094177a218136a26f30
618232978c60bc8d39bbef21c2b8fe00ce7feb4871d49d0bb6a4127748a3a40a

HTTP Headers

GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32487
Cache-Control: public, max-age=7200
Expires: Mon, 26 Sep 2022 23:50:41 GMT
Date: Mon, 26 Sep 2022 21:50:41 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
6534001bd01d291785ef0ca6d9e2c46b
45aa90f74282ee6506d789d3f173ef0723de8da7
8b363e76c075e2e03d3cbf5c884f6268ac01580eb9a4afc12767cf87aeb53505

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4692
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:41 GMT
Last-Modified: Mon, 26 Sep 2022 20:32:29 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

benumelan.com/11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.239

200 OK

0 B

URL HTTP/2
benumelan.com/11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=1008857176&z=3846473&b=14566424&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=K82JpRUqo7ufk7r9wTzC3WmZlB-UnMKAGh1YJUsESBd1naqby1V7Xm2h_0l4sbUy6JnWyR0QKEO7Jd0q-sligcZ5F8QEyMdCVDR2iCvSHIPJvB9i8RawbPOXzSLTZ8Hb53eDIQXjHdrbSfgseV_a2sZLSMOcha0q5WveXzPuv39G01FU1dp-s71OtzkpqtFt9dlbiyRInWevUQ-rh68gsd6s_LaXi58OVFvHDz_4wR6gB8nVBenw7pqZhiKFJqzyinjpFogPtj_6nwtavc9d22tp-dBv3M2JwQnZjllExX2QpkVmrLfDFziHsqR3OnOO2xttZSIwWEqcIQJvwy9SCBxJPYlefb1QNvhevW2tKm9DzsseshPHRF4Nan-UAhwRRH69VdLABWOS-uW-NYgAzyniSW7oM0U_4T90eLAs4a1Ela17wtd_lMSzLood3qDL7ZPzq2F-Q3eD3kSs-5ATG86Rt15oPXzH1Th-e3WorBItRAglm7_RPl1EIxVnVtiEx2sUhhMbF8w0cl6gUqK4jOKFcbPSpfBkVbBKoHYxiA4Cfhz2CSuF4_KcPzhCpxibJdKQkDNYeWGzLl3ngHD7QlGrmCreZcHgN8Xa3cbqrykzqFXK1z66V2qKQl3inNDXjpVdmfRW8UAyGbCqg0lm6Q==&ruid=5733d763-4657-4181-add8-86e88a28cc3c&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; oaidts=1664229039; scm=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:41 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 1b50da8210d9a67af8a2056059d4142c
access-control-expose-headers: X-Sc
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:41 GMT; secure; SameSite=None
oaidts=1664229039; expires=Tue, 26 Sep 2023 21:50:41 GMT; secure; SameSite=None
oaidvc=1; expires=Tue, 26 Sep 2023 21:50:41 GMT; secure; SameSite=None
CNT=1_v1_GETeAAEAAAA9Sy4x; expires=Mon, 26 Sep 2022 22:50:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
62cc6c904bb5c5bd5e0d59fdb167dfbf
94919369317682ec46ad9fb0cc2088ca28b502b8
851f9b7ad3ba2951aac348b757fc1c3fd7122d7063bb45599d4aa4fb983c14ed

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 26 Sep 2022 21:50:41 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 30 Sep 2022 18:56:57 GMT
ETag: "94919369317682ec46ad9fb0cc2088ca28b502b8"
Last-Modified: Mon, 26 Sep 2022 18:56:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2887
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750f3773ddf30b3d-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb166e57597c83efa41b969bd403017d
a9d20ac8dfbb3121073f78a58e5fe2e623e21bed
184a49b16d6a67abf7e9d1e7499fefdc853cfadf5cd83fe7cb6aaea3e1397eba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184A49B16D6A67ABF7E9D1E7499FEFDC853CFADF5CD83FE7CB6AAEA3E1397EBA"
Last-Modified: Mon, 26 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17128
Expires: Tue, 27 Sep 2022 02:36:09 GMT
Date: Mon, 26 Sep 2022 21:50:41 GMT
Connection: keep-alive

cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258

142.250.74.34

302 Found

447 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
447 B (447 bytes)
Hash
2494c26bf4bcb8a5350ff6e6d13c3f3c
945fcec6806a1480ca5297edc2ae4dfa6c2abe16
cbb10d1ed17419835be17bdb046da03f0de5f2e1677d47317f3d18139d827400

HTTP Headers

GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258&google_tc=
date: Mon, 26 Sep 2022 21:50:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 26-Sep-2022 22:05:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com

143.204.55.17

200 OK

44 kB

URL HTTP/2
cmp.quantcast.com/tcfv2/42/cmp2.js?referer=www.themoneytizer.com
IP
143.204.55.17:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (44475 bytes)
Hash
12c79d20072de682215fc3a627a4f26c
f1754a0a412afd9b9197376837ffcd6ceb40ca2c
5efe128fddb1fcb54af275e90c40aa8e75f0aba03b9bf9433b2e79f9b0ac9c66

HTTP Headers

GET /tcfv2/42/cmp2.js?referer=www.themoneytizer.com HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 05 Jul 2022 18:40:23 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
cache-control: max-age=172800
date: Mon, 26 Sep 2022 21:50:24 GMT
etag: W/"9494b70738cd74c9137e65c29c0b1f3e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rtcJ3WIb7uvv9ZF8P2WXTPEvvotamTfw2UN8QNC8ku27t-tWCEHVmA==
age: 18
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

192.243.59.20

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 26 Sep 2022 21:50:41 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 446d963a46431eb21d5b17b4affb65b1
Strict-Transport-Security: max-age=0; includeSubdomains

mc.yandex.ru/metrika/watch.js

77.88.21.119

200 OK

57 kB

URL HTTP/2
mc.yandex.ru/metrika/watch.js
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (570)
Size
57 kB (57285 bytes)
Hash
44366cc385a5c0f49df4f22b71434b42
3f56349f8a3fff52e28a3300052bdc2bde97371c
485ba52769d75db2ed79f65318d37070d09ce3441680aa22caa10ae3cdcb45cd

HTTP Headers

GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 57285
date: Mon, 26 Sep 2022 21:50:41 GMT
access-control-allow-origin: *
etag: "632d6d03-dfc5"
expires: Mon, 26 Sep 2022 22:50:41 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 26 Sep 2022 21:50:41 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: dee4ecf7cdf555aa91c48815464147e0
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js

54.230.111.117

200 OK

457 B

URL HTTP/2
buttons-config.sharethis.com/js/61297b2724fac90012c3ba72.js
IP
54.230.111.117:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (457), with no line terminators
Size
457 B (457 bytes)
Hash
19378e5d0f5c381e523c93eae74ad890
5d6f7ea3d0b894a0f30ce0f1919b1d349f27e756
f67a2772e8a292d7d92eefccec94b7a029c43d08b21febb01b3ce1c32bd4d45a

HTTP Headers

GET /js/61297b2724fac90012c3ba72.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 457
last-modified: Fri, 27 Aug 2021 23:54:16 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 21:49:44 GMT
cache-control: public, max-age=60
etag: "19378e5d0f5c381e523c93eae74ad890"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: X2L6CHZPd9y4yQvGtli_pljJ_b4mOhNOjpHRgXNsLuw3xXMWTkwQnw==
age: 58
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

wadmargincling.com/sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17%3A2%3A1

192.243.59.12

200 OK

4.0 kB

URL HTTP/1.1
wadmargincling.com/sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17%3A2%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (6126), with no line terminators
Size
4.0 kB (4016 bytes)
Hash
165037f39bfe1870772b85a62aae3818
9d78b1f6ef2c4e2b8f786192d396dec6be5b1031
bb3765a8edbff965522940f555ac0bce6eb6de38e841f81ab80b46fecc5ea178

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=e39e6de78434e75a812da1a674f8e022&uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17%3A2%3A1 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 26 Sep 2022 21:50:41 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mynewsj.com
Access-Control-Allow-Origin: https://mynewsj.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15933797; expires=Tue, 27 Sep 2022 21:50:41 GMT; secure; SameSite=None
uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; expires=Mon, 03 Oct 2022 21:50:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 27 Sep 2022 21:50:41 GMT; secure; SameSite=None
uncs=1; expires=Tue, 27 Sep 2022 21:50:41 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 27 Sep 2022 21:50:41 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 27 Sep 2022 21:50:41 GMT; secure; SameSite=None
slece39e6de78434e75a812da1a674f8e022=[3078189]; expires=Mon, 26 Sep 2022 21:50:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dcfadef320595fc5b27c9d59e9253a1d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

39 kB

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
C source, ASCII text, with very long lines (32001)
Size
39 kB (38993 bytes)
Hash
e1def3c3b3da353cbbef6ecfd690995a
2049a893258d87973c899084902cb07ee93ddc26
f5c38a546b32f03001656c1a6df36843b2ff1c36d34022e983ef677ee0bfaf8c

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 535294
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258&google_error=3

172.67.13.182

200 OK

95 B

URL HTTP/2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258&google_error=3
IP
172.67.13.182:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=088ffde6-5fac-4755-688e-415ca1350dfd&reqId=47668b53-e6c2-423a-585f-1a657cc9dc7c&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Connection: keep-alive
Cookie: zc=088ffde6-5fac-4755-688e-415ca1350dfd; zsc=a%B1BZ%98Y%D6%A8%BE%87%BC%CB%ED%15h%5C%5BxfL%3D%BB%9Bd%F2%B4%1C%CF%0D%3A%E8w%24%82%A4%BAG%F7%8D%95i%C9%9D%87%10%F7%805o%E1r%FDL%05%1BG%A7%DC%29g%23%0F%3D%AAbz0%09%974%05%D5%8F%E8%818ss%9E%DD_%9F%1F
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:41 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://mynewsj.com
set-cookie: zc=088ffde6-5fac-4755-688e-415ca1350dfd; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f3775b9f60b4d-OSL
X-Firefox-Spdy: h2

mc.yandex.ru/watch/65727016?wmode=7&page-url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A2015%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1185451638710%3Ahid%3A21988163%3Az%3A0%3Ai%3A20220926215039%3Aet%3A1664229040%3Ac%3A1%3Arn%3A548720617%3Arqn%3A1%3Au%3A16642290401008604772%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C98%2C208%2C24%2C373%2C0%2C%2C1305%2C5%2C%2C%2C%2C2152%3Ans%3A1664229036307%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664229040%3At%3AUncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)

77.88.21.119

302 Found

407 B

URL HTTP/2
mc.yandex.ru/watch/65727016?wmode=7&page-url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A2015%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1185451638710%3Ahid%3A21988163%3Az%3A0%3Ai%3A20220926215039%3Aet%3A1664229040%3Ac%3A1%3Arn%3A548720617%3Arqn%3A1%3Au%3A16642290401008604772%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C98%2C208%2C24%2C373%2C0%2C%2C1305%2C5%2C%2C%2C%2C2152%3Ans%3A1664229036307%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664229040%3At%3AUncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Size
407 B (407 bytes)
Hash
0010ae9482a08e08c468621e57ecb1d7
d1f504e039732f635a2e9a3b09c540a48d17fe79
f46681b1a9c9baf382e343054451e62ce3daf98ac1f1f87fadd7d8a5176cb1e8

HTTP Headers

GET /watch/65727016?wmode=7&page-url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A2015%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1185451638710%3Ahid%3A21988163%3Az%3A0%3Ai%3A20220926215039%3Aet%3A1664229040%3Ac%3A1%3Arn%3A548720617%3Arqn%3A1%3Au%3A16642290401008604772%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C98%2C208%2C24%2C373%2C0%2C%2C1305%2C5%2C%2C%2C%2C2152%3Ans%3A1664229036307%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664229040%3At%3AUncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/65727016/1?wmode=7&page-url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aasbylctlprmpze3hff9a0%3Afp%3A2015%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A1185451638710%3Ahid%3A21988163%3Az%3A0%3Ai%3A20220926215039%3Aet%3A1664229040%3Ac%3A1%3Arn%3A548720617%3Arqn%3A1%3Au%3A16642290401008604772%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ads%3A0%2C98%2C208%2C24%2C373%2C0%2C%2C1305%2C5%2C%2C%2C%2C2152%3Ans%3A1664229036307%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664229040%3At%3AUncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Mon, 26 Sep 2022 21:50:41 GMT
access-control-allow-origin: https://mynewsj.com
set-cookie: yandexuid=3806743191664229041; Expires=Tue, 26-Sep-2023 21:50:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3806743191664229041; Expires=Tue, 26-Sep-2023 21:50:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=661862131664229041; Path=/; SameSite=None; Secure
i=+s8tsnjR0BkhbYx0Ai0HTdtJ8Qu6JktKxGo9HX28nBr+s7FQSA9fzhwB7HdfzLJ68I41NGf5Iub1SsIhaiSqLwLiuOU=; Expires=Thu, 23-Sep-2032 21:50:33 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695765041.yrts.1664229041#1695765041.yrtsi.1664229041; Expires=Tue, 26-Sep-2023 21:50:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 26-Sep-2022 21:50:41 GMT
last-modified: Mon, 26-Sep-2022 21:50:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

77.88.21.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
77.88.21.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Mon, 26 Sep 2022 21:50:41 GMT
access-control-allow-origin: *
etag: "632d6d03-2b"
expires: Mon, 26 Sep 2022 22:50:41 GMT
accept-ranges: bytes
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/arrow_right.svg

54.230.111.128

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_right.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
9928d025bd5792b718ee0a185f62e67c
16406d7b5b6d383b12859b853cf6cb7e3733e33d
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

HTTP Headers

GET /img/arrow_right.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
date: Sun, 11 Sep 2022 09:21:07 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "9928d025bd5792b718ee0a185f62e67c"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VNFBV5jZikJPmCK5PL4DwnEjZRB25M-FWAZHm2bIa11h2F0Gmw9jTg==
age: 1340975
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/arrow_left.svg

54.230.111.128

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_left.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

HTTP Headers

GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 07 Sep 2022 05:01:50 GMT
cache-control: public, max-age=2592000
etag: "b55d8d2b9321e381a3c38a4bddb74037"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PXeLuJAYi1a7ozsqBeJ3w7ZWXKJbtYp_iVDr_RCK15qY5fV7Po7LCQ==
age: 1702135
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/sharethis.svg

54.230.111.128

200 OK

514 B

URL HTTP/2
platform-cdn.sharethis.com/img/sharethis.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (358)
Size
514 B (514 bytes)
Hash
deecdaa377907db5cc1722fc831670a1
4e39e0fd5742cc1460e24620df4a360abb71290e
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

HTTP Headers

GET /img/sharethis.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 514
date: Fri, 09 Sep 2022 00:38:14 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "deecdaa377907db5cc1722fc831670a1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NoDTtqn2PrG4phX8NDycy6tNRnk81VjrdYMB5_goGgZD4F3NNpqQ0g==
age: 1545148
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/twitter.svg

54.230.111.128

200 OK

731 B

URL HTTP/2
platform-cdn.sharethis.com/img/twitter.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (575)
Size
731 B (731 bytes)
Hash
0af2fb38987598376c99e21af17ade45
bfbdfd0b1a2dcef714e347928bd11b8410dc7ca2
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

HTTP Headers

GET /img/twitter.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 731
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 17 Sep 2022 01:05:31 GMT
cache-control: public, max-age=2592000
etag: "0af2fb38987598376c99e21af17ade45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VIRA7EXPgu_3_1sXw6pB7AOqXfqA4jNhYYF_BQ_GP_sUs9xqwgXRJw==
age: 852311
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/pinterest.svg

54.230.111.128

200 OK

771 B

URL HTTP/2
platform-cdn.sharethis.com/img/pinterest.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Size
771 B (771 bytes)
Hash
2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

HTTP Headers

GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 03:57:45 GMT
cache-control: public, max-age=2592000
etag: "2b10a062e719c64b686e2e8fcdc216dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cAFStit9QKXXSYZCV_34i9qVplwcahjwVWQYKL_MyNHMe0J3YJtGsg==
age: 669177
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/email.svg

54.230.111.128

200 OK

343 B

URL HTTP/2
platform-cdn.sharethis.com/img/email.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
343 B (343 bytes)
Hash
5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

HTTP Headers

GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:56:03 GMT
cache-control: public, max-age=2592000
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Dk8Oa5YSuFF9ntWGrO5LRMWgRzpV9wwzr11SPrDbFomhIq6pDK6HXA==
age: 492877
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/facebook.svg

54.230.111.128

200 OK

301 B

URL HTTP/2
platform-cdn.sharethis.com/img/facebook.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
301 B (301 bytes)
Hash
c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

HTTP Headers

GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
date: Fri, 02 Sep 2022 05:08:41 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QYbxn1ycABF-rZm0n72Q8lG47N3mvtM8GAZwNmQ5VDkfV8kWagz5-A==
age: 2133721
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

glimtors.net/custom

139.45.197.251

200 OK

39 B

URL HTTP/2
glimtors.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Content-Type: application/json
Origin: https://mynewsj.com
Content-Length: 742
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:41 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f080ea42a7cbc6891134497a6ee84b02
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c8604092ecece3e344d45eb1068ed28d
0be29f9b6f51a0674cad08ec3ca8551b7f2b2ccf
8b9bafe3253bef5e6e20d634716a454413f2aa4e015be830e762d3f04a2998d6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 21:50:41 GMT
Last-Modified: Mon, 26 Sep 2022 20:29:24 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P1skIW4iS3pE-LtMVSCwwUFRrJP5Jshq2w8ZPAKeor2jo4GNDDWIlA==
Age: 4877

wadmargincling.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdvc3unX0o1hgJpk1pFX3T2Zm5y5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YXFul977aMguFhblZnr1%2FrN%2BOM4ulgzvTdbcd1%2FvfauYBt6IfQD3w%2F8oLYsjWjr%2FsKEhMzvtYJ6y69HYT1YjNA3%2F5%2Bt82CpB947Ic9C8vHcQ%2B88JBsh636zJOxGofM33uk6RQtt0OP7H2QbmS4zdGewbTy0s%2F1TNbQ9Wn4Ane1N7UL3%2FhOmcky8Hx4gzfZPTSLt7U59pgoiQ8qfRtkbQagRJB2B6ZuQ%2FIgAjOPqGrLu7avalHTzCUsn7JjMPX4EWY7J3K%2FnkXW%2Fvqxkv3ZDK1dInVn02xVkfwTZGSF3Byi2zkCWB2DFZ5D8J7LweBVZd3fNKg3Jj18NWBKJZtufbzebjfkoiuk8TYQ%2FH6ci4GHSWGRBMg1IyhFkewQlBqD2DJz14KQH1%2Fbgcg9dflxjQRAkPmfUb7YYa%2FBEpDH3A5q0Axr4cROOTd4wQJEPwNQAzGwjN9vYkAMY9z3segXLPdiCoMcrlIKgtAQlJSglQVkQlL1qjysb2uo2V9alwWkPT3ujGuqis0P3dNERGdnJT8gz0%2BAevSKwIY5rotESMRdJM2pEIlmkzSDkNKBxErWbwg9DWFlB2jOg1sOWHJPnzv%2BBXI4J%2BeIXpPQAVh2AyZdA3cug5TAJfdD1YdT0sZXdzURpna3TPAfXFfJiDsWmt6NOyAtTF%2FW%2F5iHYITktMFMhNxU%2BlQ8JOurW8Louye51XVpyfy0vZFdu0cnX3ihoIby774nNUhu%2BsmQHd95iE2IC770vbLFKMy6zjiVfXZacC7OsDRPk2xX7oUivObt%2B2ZnM5avX3l5e6eZGWCt1NgKVR%2BfOgckxeerHP6c7%2B%2FzJi5BmBOMqdN3MqdQHYPk2bH546ZP0yvj3O3%2FD6rMwaqZJcw%2Blq4YmTGeHShIoMZtpWsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cmBZS5Q1TZbzdVBn15ZNorTyuJY2GT%2BPWYpAkVCRpFDbbccApDaM4jGPaQGHHLLxw%2Fx8AAAD%2F%2FwEAAP%2F%2FghDFu34EAAA%3D

192.243.59.12

200 OK

7 B

URL HTTP/1.1
wadmargincling.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdvc3unX0o1hgJpk1pFX3T2Zm5y5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YXFul977aMguFhblZnr1%2FrN%2BOM4ulgzvTdbcd1%2FvfauYBt6IfQD3w%2F8oLYsjWjr%2FsKEhMzvtYJ6y69HYT1YjNA3%2F5%2Bt82CpB947Ic9C8vHcQ%2B88JBsh636zJOxGofM33uk6RQtt0OP7H2QbmS4zdGewbTy0s%2F1TNbQ9Wn4Ane1N7UL3%2FhOmcky8Hx4gzfZPTSLt7U59pgoiQ8qfRtkbQagRJB2B6ZuQ%2FIgAjOPqGrLu7avalHTzCUsn7JjMPX4EWY7J3K%2FnkXW%2Fvqxkv3ZDK1dInVn02xVkfwTZGSF3Byi2zkCWB2DFZ5D8J7LweBVZd3fNKg3Jj18NWBKJZtufbzebjfkoiuk8TYQ%2FH6ci4GHSWGRBMg1IyhFkewQlBqD2DJz14KQH1%2Fbgcg9dflxjQRAkPmfUb7YYa%2FBEpDH3A5q0Axr4cROOTd4wQJEPwNQAzGwjN9vYkAMY9z3segXLPdiCoMcrlIKgtAQlJSglQVkQlL1qjysb2uo2V9alwWkPT3ujGuqis0P3dNERGdnJT8gz0%2BAevSKwIY5rotESMRdJM2pEIlmkzSDkNKBxErWbwg9DWFlB2jOg1sOWHJPnzv%2BBXI4J%2BeIXpPQAVh2AyZdA3cug5TAJfdD1YdT0sZXdzURpna3TPAfXFfJiDsWmt6NOyAtTF%2FW%2F5iHYITktMFMhNxU%2BlQ8JOurW8Louye51XVpyfy0vZFdu0cnX3ihoIby774nNUhu%2BsmQHd95iE2IC770vbLFKMy6zjiVfXZacC7OsDRPk2xX7oUivObt%2B2ZnM5avX3l5e6eZGWCt1NgKVR%2BfOgckxeerHP6c7%2B%2FzJi5BmBOMqdN3MqdQHYPk2bH546ZP0yvj3O3%2FD6rMwaqZJcw%2Blq4YmTGeHShIoMZtpWsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cmBZS5Q1TZbzdVBn15ZNorTyuJY2GT%2BPWYpAkVCRpFDbbccApDaM4jGPaQGHHLLxw%2Fx8AAAD%2F%2FwEAAP%2F%2FghDFu34EAAA%3D
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdvc3unX0o1hgJpk1pFX3T2Zm5y5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YXFul977aMguFhblZnr1%2FrN%2BOM4ulgzvTdbcd1%2FvfauYBt6IfQD3w%2F8oLYsjWjr%2FsKEhMzvtYJ6y69HYT1YjNA3%2F5%2Bt82CpB947Ic9C8vHcQ%2B88JBsh636zJOxGofM33uk6RQtt0OP7H2QbmS4zdGewbTy0s%2F1TNbQ9Wn4Ane1N7UL3%2FhOmcky8Hx4gzfZPTSLt7U59pgoiQ8qfRtkbQagRJB2B6ZuQ%2FIgAjOPqGrLu7avalHTzCUsn7JjMPX4EWY7J3K%2FnkXW%2Fvqxkv3ZDK1dInVn02xVkfwTZGSF3Byi2zkCWB2DFZ5D8J7LweBVZd3fNKg3Jj18NWBKJZtufbzebjfkoiuk8TYQ%2FH6ci4GHSWGRBMg1IyhFkewQlBqD2DJz14KQH1%2Fbgcg9dflxjQRAkPmfUb7YYa%2FBEpDH3A5q0Axr4cROOTd4wQJEPwNQAzGwjN9vYkAMY9z3segXLPdiCoMcrlIKgtAQlJSglQVkQlL1qjysb2uo2V9alwWkPT3ujGuqis0P3dNERGdnJT8gz0%2BAevSKwIY5rotESMRdJM2pEIlmkzSDkNKBxErWbwg9DWFlB2jOg1sOWHJPnzv%2BBXI4J%2BeIXpPQAVh2AyZdA3cug5TAJfdD1YdT0sZXdzURpna3TPAfXFfJiDsWmt6NOyAtTF%2FW%2F5iHYITktMFMhNxU%2BlQ8JOurW8Louye51XVpyfy0vZFdu0cnX3ihoIby774nNUhu%2BsmQHd95iE2IC770vbLFKMy6zjiVfXZacC7OsDRPk2xX7oUivObt%2B2ZnM5avX3l5e6eZGWCt1NgKVR%2BfOgckxeerHP6c7%2B%2FzJi5BmBOMqdN3MqdQHYPk2bH546ZP0yvj3O3%2FD6rMwaqZJcw%2Blq4YmTGeHShIoMZtpWsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cmBZS5Q1TZbzdVBn15ZNorTyuJY2GT%2BPWYpAkVCRpFDbbccApDaM4jGPaQGHHLLxw%2Fx8AAAD%2F%2FwEAAP%2F%2FghDFu34EAAA%3D HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: u_pl=15933797; uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3078189]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 26 Sep 2022 21:50:41 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: deb44a0b99e932a93ed2a570edef931c
Strict-Transport-Security: max-age=0; includeSubdomains

adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7

34.254.79.202

200 OK

20 B

URL HTTP/1.1
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP
34.254.79.202:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mynewsj.com
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Mon, 26 Sep 2022 21:50:41 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 26 Sep 2022 21:50:41 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97fb3901ca271d482507144beb94227
1e11e37741ce260eb4333678fdd1ee977faf4073
9ac322b9a22c80ac8386a51efd64e14349144b1a159471e18689cc729a8ed97f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AC322B9A22C80AC8386A51EFD64E14349144B1A159471E18689CC729A8ED97F"
Last-Modified: Sun, 25 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9796
Expires: Tue, 27 Sep 2022 00:33:58 GMT
Date: Mon, 26 Sep 2022 21:50:42 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4468
Expires: Mon, 26 Sep 2022 23:05:10 GMT
Date: Mon, 26 Sep 2022 21:50:42 GMT
Connection: keep-alive

wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html&l=1545&fd=448

192.243.59.12

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html&l=1545&fd=448
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Fus%2Fblog%2Ffinanceskipper%2Fmessage_redcircle2%2F16%2Findex.html&l=1545&fd=448 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: u_pl=15933797; uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3078189]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 26 Sep 2022 21:50:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg

172.64.200.2

200 OK

65 kB

URL HTTP/2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=242, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=364], progressive, precision 8, 364x242, components 3\012- data
Size
65 kB (64642 bytes)
Hash
61f7b1fa1698507638df7882e2bdfcaf
89134af9a734f4c30d0db01ea36c86895e46b7e3
bc0a583f7e3c834e53d5263ecc90d279b27460ea2e9bce56b7ac6b129eb5849c

HTTP Headers

GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/img/sale3.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: image/jpeg
content-length: 64642
last-modified: Thu, 12 Aug 2021 09:52:54 GMT
etag: "6114ef76-fc82"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 4707944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ah2gBHFyu8zJ%2B3Uuu%2BBx9qrEwgkYnOEFlotlvwZeD%2BCojchlgBRUeqyRNc5SrJZ1Iud6%2B9ZyH0e%2FNWH%2FD81Vas6zdm68DxS%2FiYf2oWVt4voF1vpx3eljGujGmQAu1e%2FSWkk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f377a98707698-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
a0f884d959b986684bb199e29ea6c2af
91d2654bea2dd92ae95b844b32cc345d16c398b7
3d98dc7fc457cb7b3ed70e41609f5f4d5e1c14da530dc876d2a695db704238ed

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "3D98DC7FC457CB7B3ED70E41609F5F4D5E1C14DA530DC876D2A695DB704238ED"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4468
Expires: Mon, 26 Sep 2022 23:05:10 GMT
Date: Mon, 26 Sep 2022 21:50:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
968198a1616f58bae179ece51ddee081
255d4fd03085e47ca29f32aa918ecb9e2c6d0f31
5cceecab1e6a45fc389eb9f39fd24a346e8b7dae16d37c2bc9ffe6bd52a46c02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CCEECAB1E6A45FC389EB9F39FD24A346E8B7DAE16D37C2BC9FFE6BD52A46C02"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13927
Expires: Tue, 27 Sep 2022 01:42:49 GMT
Date: Mon, 26 Sep 2022 21:50:42 GMT
Connection: keep-alive

cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css

172.64.200.2

200 OK

4.8 kB

URL HTTP/2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.8 kB (4815 bytes)
Hash
21eb7a65c17a2c22ba104a7ecbf1dc0f
ea8c53be54889c7489aed04e30e3eb83af64dec9
090bd9ceb9a58da038e5ed4a39dfbb63ece49ed4f4f0656ce35f7faa41a3b237

HTTP Headers

GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/animate.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: text/css
last-modified: Thu, 12 Aug 2021 09:52:53 GMT
etag: W/"6114ef75-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FKFuzSlQPVA%2BhVlncrrG%2FoQlOkvJjZZZZTAMHjR71iECxgnDWSZUtprb9N855jdnbZK4be%2F02%2Fudxit%2BjrjMip8fyUxP8xdeuzWwQApqmsi2yFzUBRGigsr5eK6Iu1ZunA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f377a783d7698-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=16634562c53f547c47deb1db0259b76a&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:50:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fe2dfd267fdf437672b23b2362b3f72d
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js

172.64.200.2

200 OK

189 B

URL HTTP/2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
189 B (189 bytes)
Hash
e92fccb89580145c885f0359badbd628
bed02f01f78b1f585462796e01527a268ac7f24c
f9fdf22943d31068189a6e1329d6bc9bf9ebc39b5ce4ccbd1d3a2f99f82a0597

HTTP Headers

GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: application/javascript
last-modified: Thu, 12 Aug 2021 09:52:54 GMT
etag: W/"6114ef76-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvjVNmuicCxScUs9wUYvE0jzbU9jMR9W18Pau%2Bx05PITUd8uitR0f5QOW9c0a4iGfPVGH%2F0E7cTf0Rx4E5CXs0kndiSDq4OgqaPIDq%2FoMHKwtKWwAplmaCIvOCh%2F%2Ffiy5KM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f377a783f7698-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 440194
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 440194
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=1c74e8f0-f883-446a-a7e0-6be1d2735c17&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=0&pk=e39e6de78434e75a812da1a674f8e022&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 26 Sep 2022 21:50:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 62b66db6d3c41d21969f82166050a178
Strict-Transport-Security: max-age=0; includeSubdomains

wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdu73bjX0o1hgJpk1pFX3T2ZnZy5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YVW3a%2B99lEQXKytysz1a%2F24%2FXE7vFgzvTcX23X%2F9dq7gm3ohYYf%2BH7gB7VlaUSq%2BwsTEjK%2FtxjUF%2F162KgHrRB98%2F%2FZOg%2BWeuC9E%2FIsJB%2FPPfTOQ7IRsu43S8JuFDp%2F452uU7TQBj2%2B%2F0G2kekyQ3cGU%2BMhzfZP1dD2aPkBdLY3tQvd%2B0%2BYyDHxfniAJNs%2FNYmktzv1mSiIDAl%2FGmVvBKFGkHQEpm9C8iMCMI6ra8i6t69qU9LNJyydsGMy9%2FgRZDkmc7%2BeR9b9%2BrKS%2FdoNrVwhdWbRTyvI%2FgiyM0LuDlBsnYEsD8CKzyD5T2Th8Sqy7u6aVRqSH78asCgUcerPp3HcnA%2FDNp2nkfDn24kIeCNqtlgQTQOScgSZjqDEANSegbMenPTgUg8u99DlxzUWBEHkc0b9eJGxJo9E0uZ%2BQKM0oIHfjuHY5A0DFPkATA3AzDZys40NOYBx38OuV7Dcgy0IerxCKQhKS1BSglISlAVB2av2uLINW93myrokOO2N096shrro7NA9XXRERnbyE%2FLMNLhHrwhsiOOaaC6KNhdRHDZDEbVoHDQ4DWg7CtNY%2BI0GrKwg7RlQ62FLjslz5%2F9ALseEfPELEnoAqw7A5Eug7mXQchg1fND1YRj72MruZqK0ztZpnoPrCnkxh2LT21En5IWpi%2Fpf8xDskJwWmKmQmwqfyocEHXVreF2XZPe6Li25v5YXsiu36ORrbxS0EN7d98RmqQ1fWbKDO2%2BxCTGB994XtlilGZdZx5KvLkvOhVnWhgny7Yr9UCTXnF2%2F7Ezm8tVrby%2BvdHMjrJU6G4HKo3PnwOSYPPXjn9Odff7kRUgzgnEVum7mVOoDsHwbNj%2B89ElyZfz7nb9h9VkYNdMkuYfSVUPTSGaHShIoMZtpUsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cnBYS5Q0TZbzdRBn15ZNorTyuNX0eJSIVUSLCVpgKxpNWK%2FFZypImj2OGwo5Z48L9fwAAAP%2F%2FAQAA%2F%2F8CxBBTfgQAAA%3D%3D

192.243.59.12

200 OK

7 B

URL HTTP/1.1
wadmargincling.com/impr.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdu73bjX0o1hgJpk1pFX3T2ZnZy5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YVW3a%2B99lEQXKytysz1a%2F24%2FXE7vFgzvTcX23X%2F9dq7gm3ohYYf%2BH7gB7VlaUSq%2BwsTEjK%2FtxjUF%2F162KgHrRB98%2F%2FZOg%2BWeuC9E%2FIsJB%2FPPfTOQ7IRsu43S8JuFDp%2F452uU7TQBj2%2B%2F0G2kekyQ3cGU%2BMhzfZP1dD2aPkBdLY3tQvd%2B0%2BYyDHxfniAJNs%2FNYmktzv1mSiIDAl%2FGmVvBKFGkHQEpm9C8iMCMI6ra8i6t69qU9LNJyydsGMy9%2FgRZDkmc7%2BeR9b9%2BrKS%2FdoNrVwhdWbRTyvI%2FgiyM0LuDlBsnYEsD8CKzyD5T2Th8Sqy7u6aVRqSH78asCgUcerPp3HcnA%2FDNp2nkfDn24kIeCNqtlgQTQOScgSZjqDEANSegbMenPTgUg8u99DlxzUWBEHkc0b9eJGxJo9E0uZ%2BQKM0oIHfjuHY5A0DFPkATA3AzDZys40NOYBx38OuV7Dcgy0IerxCKQhKS1BSglISlAVB2av2uLINW93myrokOO2N096shrro7NA9XXRERnbyE%2FLMNLhHrwhsiOOaaC6KNhdRHDZDEbVoHDQ4DWg7CtNY%2BI0GrKwg7RlQ62FLjslz5%2F9ALseEfPELEnoAqw7A5Eug7mXQchg1fND1YRj72MruZqK0ztZpnoPrCnkxh2LT21En5IWpi%2Fpf8xDskJwWmKmQmwqfyocEHXVreF2XZPe6Li25v5YXsiu36ORrbxS0EN7d98RmqQ1fWbKDO2%2BxCTGB994XtlilGZdZx5KvLkvOhVnWhgny7Yr9UCTXnF2%2F7Ezm8tVrby%2BvdHMjrJU6G4HKo3PnwOSYPPXjn9Odff7kRUgzgnEVum7mVOoDsHwbNj%2B89ElyZfz7nb9h9VkYNdMkuYfSVUPTSGaHShIoMZtpUsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cnBYS5Q0TZbzdRBn15ZNorTyuNX0eJSIVUSLCVpgKxpNWK%2FFZypImj2OGwo5Z48L9fwAAAP%2F%2FAQAA%2F%2F8CxBBTfgQAAA%3D%3D
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RS0WscRRyebQM%2BCAWlKIqWE3xQMJfdu73bjX0o1hgJpk1pFX3T2ZnZy5i5nWVm5%2FaSp2BB%2Bub5H2y%2BSxpai9g%2FwCqXgkhAyPliHszfoBaLDz7IXaOHv5ff95vvG%2Fjmm9%2FnO%2B6E%2BHD0eOmK3pJK0YVW3a%2B99lEQXKytysz1a%2F24%2FXE7vFgzvTcX23X%2F9dq7gm3ohYYf%2BH7gB7VlaUSq%2BwsTEjK%2FtxjUF%2F162KgHrRB98%2F%2FZOg%2BWeuC9E%2FIsJB%2FPPfTOQ7IRsu43S8JuFDp%2F452uU7TQBj2%2B%2F0G2kekyQ3cGU%2BMhzfZP1dD2aPkBdLY3tQvd%2B0%2BYyDHxfniAJNs%2FNYmktzv1mSiIDAl%2FGmVvBKFGkHQEpm9C8iMCMI6ra8i6t69qU9LNJyydsGMy9%2FgRZDkmc7%2BeR9b9%2BrKS%2FdoNrVwhdWbRTyvI%2FgiyM0LuDlBsnYEsD8CKzyD5T2Th8Sqy7u6aVRqSH78asCgUcerPp3HcnA%2FDNp2nkfDn24kIeCNqtlgQTQOScgSZjqDEANSegbMenPTgUg8u99DlxzUWBEHkc0b9eJGxJo9E0uZ%2BQKM0oIHfjuHY5A0DFPkATA3AzDZys40NOYBx38OuV7Dcgy0IerxCKQhKS1BSglISlAVB2av2uLINW93myrokOO2N096shrro7NA9XXRERnbyE%2FLMNLhHrwhsiOOaaC6KNhdRHDZDEbVoHDQ4DWg7CtNY%2BI0GrKwg7RlQ62FLjslz5%2F9ALseEfPELEnoAqw7A5Eug7mXQchg1fND1YRj72MruZqK0ztZpnoPrCnkxh2LT21En5IWpi%2Fpf8xDskJwWmKmQmwqfyocEHXVreF2XZPe6Li25v5YXsiu36ORrbxS0EN7d98RmqQ1fWbKDO2%2BxCTGB994XtlilGZdZx5KvLkvOhVnWhgny7Yr9UCTXnF2%2F7Ezm8tVrby%2BvdHMjrJU6G4HKo3PnwOSYPPXjn9Odff7kRUgzgnEVum7mVOoDsHwbNj%2B89ElyZfz7nb9h9VkYNdMkuYfSVUPTSGaHShIoMZtpUsGKw%2B9%2B%2B%2FfSDO%2FYW%2BiYC6DFTWTdCj1ToacqUDWAdWeHRW4OL%2F3cnBYS5Q0TZbzdRBn15ZNorTyuNX0eJSIVUSLCVpgKxpNWK%2FFZypImj2OGwo5Z48L9fwAAAP%2F%2FAQAA%2F%2F8CxBBTfgQAAA%3D%3D HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: u_pl=15933797; uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3078189]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 26 Sep 2022 21:50:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 153a8ab83a5c0e762c0c1ab623f7558e
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.10

200 OK

660 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
660 B (660 bytes)
Hash
5860c780c8e9daa4f852038f02b5bdc2
c75c8b4db36bffe075ce493f06d011f855d5541a
f11b9f8e851e15c0c6abd53a9994c6dcef78ceeebd0f0b8bbde610fec8332c85

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 21:50:42 GMT
date: Mon, 26 Sep 2022 21:50:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent=

162.19.138.117

200

43 B

URL HTTP/1.1
id5-sync.com/i/12/9.gif?gdpr=true&gdpr_consent=
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

GET /i/12/9.gif?gdpr=true&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Mon, 26-Sep-2022 21:55:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Mon, 26 Sep 2022 21:50:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

cmp.quantcast.com/tcfv2/42/cmp2ui-en.js

143.204.55.17

200 OK

60 kB

URL HTTP/2
cmp.quantcast.com/tcfv2/42/cmp2ui-en.js
IP
143.204.55.17:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65469)
Size
60 kB (60316 bytes)
Hash
57a0fc2a38a0372a5e40c4472e8d3849
6c46526f8141558a16debdbe3698bd2e0e925923
da4147e40542cedc19892b9b5fddf1b10db33a30d942dac5700f03e104f09adf

HTTP Headers

GET /tcfv2/42/cmp2ui-en.js HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Tue, 05 Jul 2022 18:40:26 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Sun, 25 Sep 2022 01:26:12 GMT
cache-control: max-age=172800
etag: W/"24932b3e61742029985961c24d35dbb7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eKuToUxNT6-DuxaFGMnwZ2WsEHqKMV1c2wk2OaGXv-0i9jpV7zMRUw==
age: 159872
X-Firefox-Spdy: h2

cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json

143.204.55.17

200 OK

43 kB

URL HTTP/2
cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
IP
143.204.55.17:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (65512), with no line terminators
Size
43 kB (42924 bytes)
Hash
2f1fd2f69c0177b7f0e45f81b4cceec8
b847a72a53a21b902a1dac6e251a1c17b97b2060
2df066c04438ed329deeee72c01af98f8f2bd58b1a72c9d91cd6c138f7264990

HTTP Headers

GET /GVL-v2/vendor-list-trimmed-v1.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Mon, 26 Sep 2022 03:00:37 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Mon, 26 Sep 2022 03:00:33 GMT
etag: W/"1320564804e317fb26f6d5faa7100333"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 405NI3mg1aNKFCoab2XOYXIMiFH6Ko-fiNq1CANYtua3XbAZ2q0mEg==
age: 67806
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
f2fcf838f5d6c8d7cb5eefa19e0fedae
5f453cc4ae4a892937814588913e76e24594921f
85c101df8ee7d95095a4006e520b6a31e765ab314c4ab161c6274ee58a048360

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 26 Sep 2022 21:50:43 GMT
Last-Modified: Mon, 26 Sep 2022 21:00:08 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 313

wadmargincling.com/pixel/sbs?c=1

192.243.59.12

200 OK

0 B

URL HTTP/1.1
wadmargincling.com/pixel/sbs?c=1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: wadmargincling.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: u_pl=15933797; uid_id2=1c74e8f0-f883-446a-a7e0-6be1d2735c17:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slece39e6de78434e75a812da1a674f8e022=[3078189]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 26 Sep 2022 21:50:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1

178.250.0.162

200 OK

43 B

URL HTTP/2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
IP
178.250.0.162:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
414f2b9d4ab6896faad42b864bf628e2
e24745d578e231d26a6b4c862e25b088dc8a322f
4f2a81bcd2823fa5ea4676198aa3f1676de15d90a06a8154984f84ad369da2ac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 21:50:43 GMT
Last-Modified: Mon, 26 Sep 2022 20:33:24 GMT
Server: ECS (nyb/1DD2)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: G2chRcLD6WkvCNFC2Q402ruxhMVu6eBuyRN4OA_uk9NX5DmqRBt50g==
Age: 4639

l.sharethis.com/pview?event=pview&hostname=mynewsj.com&location=%2Fnews%2Funcategorized%2F&product=sticky-share-buttons&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Uncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en

52.29.39.53

204 No Content

0 B

URL HTTP/1.1
l.sharethis.com/pview?event=pview&hostname=mynewsj.com&location=%2Fnews%2Funcategorized%2F&product=sticky-share-buttons&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Uncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en
IP
52.29.39.53:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pview?event=pview&hostname=mynewsj.com&location=%2Fnews%2Funcategorized%2F&product=sticky-share-buttons&url=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Uncategorized%20Archives%20%E2%80%94%20My%20News%20Journal&cms=unknown&publisher=61297b2724fac90012c3ba72&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://mynewsj.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 26 Sep 2022 21:50:43 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive

csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1

178.250.0.162

200 OK

43 B

URL HTTP/2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
178.250.0.162:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css

172.64.200.2

200 OK

1.0 kB

URL HTTP/2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css
IP
172.64.200.2:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.0 kB (1026 bytes)
Hash
53b61b6a539d092880a9b367de9766ad
34f592473136325b84ccae6e583cf6f0c3822bc0
a215a60ea6b6fde2c4b12e6c47ab0516489901176dc7756d33b16903ae5d316e

HTTP Headers

GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: text/css
last-modified: Thu, 12 Aug 2021 09:52:52 GMT
etag: W/"6114ef74-e68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKMC3ha1rpetGrSK8aY34RZDOTPCWta39IwKZBBQV4tMdXX89br0n2xwQfhRhAxtkvx%2ByxDc4mIojeW6TAp7izX0ilwHEn%2F391HjKXSxhswL3aIFN%2BunmjOdp9z0ewEKsTU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f377a78417698-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

glimtors.net/custom

139.45.197.251

200 OK

39 B

URL HTTP/2
glimtors.net/custom
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Content-Type: application/json
Origin: https://mynewsj.com
Content-Length: 386
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:47 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3b2feacaa3e3b1db3dad6572ce07c9e9
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=b37a14ece04341b69fb2fb004ada4f34&zoneId=3156533&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=b37a14ece04341b69fb2fb004ada4f34&zoneId=3156533&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
258389529839cfa751e803473102b174
bd81436a157f725b87eb00d82c214248b18d8972
6d2f306cb601fc19344109aed133641586448dc01bd3bda603f094ca625844bd

HTTP Headers

GET /gid.js?pub=0&userId=b37a14ece04341b69fb2fb004ada4f34&zoneId=3156533&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
Origin: https://mynewsj.com
Connection: keep-alive
Cookie: ID=b88a4e81819d491b8c8d2cb7f6079214
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:47 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mynewsj.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

platform-api.sharethis.com/js/sharethis.js

143.204.55.106

200 OK

0 B

URL HTTP/2
platform-api.sharethis.com/js/sharethis.js
IP
143.204.55.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Mon, 26 Sep 2022 21:46:25 GMT
cache-control: max-age=600, public
etag: W/"3011a-1tH8M8TNdKB39qADlCdHeiBv0FM"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: as7jvE6EBrC8LWS-UfSQovj1TibXSO2_gb1fkBE3ra_AYYfxFzMLvw==
age: 274
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
x-crto-bundle: kgswfF9yam41Ujl0dTlCbVlVcVBOdllJN3F5eWxyUkhxaiUyQmtsRUVSMGZmbFRRbWJiaWczdUNtamNyb0tTVkdQTnZqQTVFTzJHTzFwUjlqcHppZVU2akxVeCUyQjJ3ZHdNbjB6bUxSRk1zTWgzaiUyRmNZUiUyQjlPbmFETCUyRlNOJTJCNmdSQ0RSa1NCQw
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://mynewsj.com
server-processing-duration-in-ticks: 655254
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

c.palama2.com/j/m/i.js?v33333334344445345343353452

104.21.11.254

200 OK

0 B

URL HTTP/2
c.palama2.com/j/m/i.js?v33333334344445345343353452
IP
104.21.11.254:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /j/m/i.js?v33333334344445345343353452 HTTP/1.1
Host: c.palama2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 21 Sep 2022 11:04:55 GMT
etag: W/"632aefd7-e6bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 465177
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCzV%2BNTuyirpk3q6xe4dRU%2F18d9dwkNiMhe4s4dhNh0AjCMdsEPdKLWpV5Q%2F%2BR9W3E0CFGQJCCL3OHqyOMp3WFf%2FfENHdheo3fSIQziiEM24fV%2FoA%2BNkhVIpBM%2BfFiNw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750f37684dcdb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

inpagepush.com/400/3156537

139.45.197.237

200 OK

0 B

URL HTTP/2
inpagepush.com/400/3156537
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /400/3156537 HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
x-trace-id: 308d506c6d4d7a25570068487eb54173
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=edb69926e9c9421e980bec9760b1fe42; expires=Tue, 26 Sep 2023 21:50:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/500/4495524?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /500/4495524?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: application/javascript
x-trace-id: 4a9cdd549f9286036091671a47ce29df
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://mynewsj.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mynewsj.com/
x-crto-bundle: kgswfF9yam41Ujl0dTlCbVlVcVBOdllJN3F5eWxyUkhxaiUyQmtsRUVSMGZmbFRRbWJiaWczdUNtamNyb0tTVkdQTnZqQTVFTzJHTzFwUjlqcHppZVU2akxVeCUyQjJ3ZHdNbjB6bUxSRk1zTWgzaiUyRmNZUiUyQjlPbmFETCUyRlNOJTJCNmdSQ0RSa1NCQw
Origin: https://mynewsj.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://mynewsj.com
server-processing-duration-in-ticks: 583680
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js

143.204.55.17

200 OK

0 B

URL HTTP/2
quantcast.mgr.consensu.org/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
IP
143.204.55.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js HTTP/1.1
Host: quantcast.mgr.consensu.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 28 Jun 2022 13:53:56 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: br
date: Mon, 26 Sep 2022 21:50:35 GMT
cache-control: max-age=900
etag: W/"c53bd785b1ee57b613221019d7d72626"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _gZjQNj0OcmT8yZWZoD0SwnX1Z7AhXqpiFj0sqYwROHK4DDC9Zz06w==
age: 9
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html

45.133.44.3

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html
IP
45.133.44.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/notifications/utility/default/us/blog/financeskipper/message_redcircle2/16/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:42 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 12 Aug 2021 09:54:31 GMT
etag: W/"6114efd7-609"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 26 Sep 2022 22:50:42 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

bedrapiona.com/5/3156542/?oo=1&js_build=iclick-v1.430.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/3156542/?oo=1&js_build=iclick-v1.430.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/3156542/?oo=1&js_build=iclick-v1.430.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: application/json
x-trace-id: 6251dc69e3a4b6a269f5ffca3c8c683e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://mynewsj.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=188037cb7d924b2eb18cdf8e6d91cf5f; expires=Tue, 26 Sep 2023 21:50:40 GMT; path=/; secure; SameSite=None
oaidts=1664229040; expires=Tue, 26 Sep 2023 21:50:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

secure.quantserve.com/quant.js

91.228.74.168

200 OK

0 B

URL HTTP/2
secure.quantserve.com/quant.js
IP
91.228.74.168:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:41 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "eN3sxSgaav0x5wHLxGB1gQ=="
expires: Mon, 03 Oct 2022 21:50:41 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
inpagepush.com/500/3156537?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /500/3156537?excludes=&oaid=b88a4e81819d491b8c8d2cb7f6079214&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fmynewsj.com%2Fnews%2Funcategorized%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: inpagepush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Cookie: OAID=edb69926e9c9421e980bec9760b1fe42
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:40 GMT
content-type: application/javascript
x-trace-id: b4b063683a70d9173379304e5b159486
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://mynewsj.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=b88a4e81819d491b8c8d2cb7f6079214; expires=Tue, 26 Sep 2023 21:50:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

test.cmp.quantcast.com/GVL-v2/cmp-list.json

143.204.55.116

200 OK

0 B

URL HTTP/2
test.cmp.quantcast.com/GVL-v2/cmp-list.json
IP
143.204.55.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /GVL-v2/cmp-list.json HTTP/1.1
Host: test.cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 86400
cache-control: max-age=172800
date: Mon, 26 Sep 2022 03:00:35 GMT
last-modified: Fri, 16 Sep 2022 19:52:29 GMT
etag: W/"50fb7062a6b6a4e6efde705408cf32f0"
x-amz-server-side-encryption: AES256
x-amz-version-id: oUUwrY_6WJ4t3DAGrQVvhBXnrJz9w1fe
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qUsyezFqnT_bwXnEWi1oA9dRwsaemfHolAEU6lxy2b2DM1HmrKVQUw==
age: 67807
X-Firefox-Spdy: h2

mynewsj.com/news/uncategorized/

104.21.41.21

200 OK

0 B

URL HTTP/2
mynewsj.com/news/uncategorized/
IP
104.21.41.21:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /news/uncategorized/ HTTP/1.1
Host: mynewsj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Cookie
cache-control: max-age=3, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAM5blLQFt3%2F7SQpXGV6S0til6Hf5jHAzctfwtyqm9XrlAUoJNe85xq8VzWLAwMWvXfVc5KutQrTyu9Rzz0ldJ5%2FlnpAN1dQknn9fn87EyZKzg2II6f8P0YlxG6u0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750f3763ee060b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

glimtors.net/ntfc.php?p=3156533

139.45.197.251

200 OK

0 B

URL HTTP/2
glimtors.net/ntfc.php?p=3156533
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /ntfc.php?p=3156533 HTTP/1.1
Host: glimtors.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-38a8"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

benumelan.com/1?z=3846473

139.45.197.239

200 OK

0 B

URL HTTP/2
benumelan.com/1?z=3846473
IP
139.45.197.239:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=3846473 HTTP/1.1
Host: benumelan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 577d9e7617e76ba22fc0a51a74b3045f
access-control-expose-headers: X-Sc
x-sc: qTVppnOkjtOC69PGjRhyDyCw5LP5j82w_X0nSwKFphA1oNfF__6aj6UC5LoPtcM8znrwpu12-C-Nvk2FPIJt6TvE2-0=
set-cookie: scm=1; expires=Tue, 26 Sep 2023 21:50:39 GMT; secure; SameSite=None
OAID=9019c06fa7bf492e9a09448e8a2fbd77; expires=Tue, 26 Sep 2023 21:50:39 GMT; secure; SameSite=None
oaidts=1664229039; expires=Tue, 26 Sep 2023 21:50:39 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fmynewsj.com%2F&domain=mynewsj.com&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://mynewsj.com
server-processing-duration-in-ticks: 1172760
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

cmp.quantcast.com/tcfv2/google-atp-list.json

143.204.55.17

200 OK

0 B

URL HTTP/2
cmp.quantcast.com/tcfv2/google-atp-list.json
IP
143.204.55.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tcfv2/google-atp-list.json HTTP/1.1
Host: cmp.quantcast.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Mon, 26 Sep 2022 03:01:30 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Mon, 26 Sep 2022 03:01:26 GMT
etag: W/"62506e65c6a8201a32eb8553540dd4f4"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uJkXMnkO8p6H-WnlBFB9bUkzjM9mUxqJdo58k19Hq10-sLnyCp5KtA==
age: 67753
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/gen.js?type=6

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/s/gen.js?type=6
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/gen.js?type=6 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=86400
x-accel-expires: @1664251299
server: CDN77-Turbo
x-77-nzt: AblMCRRS8Zn/jPoAAA
x-77-nzt-ray: U5qhjU6W81g
x-cache: HIT
x-age: 64140
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2

dozubatan.com/400/4495524

139.45.197.237

200 OK

0 B

URL HTTP/2
dozubatan.com/400/4495524
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /400/4495524 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: application/javascript
x-trace-id: fba38313f5f81ad868491128153bebe8
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=a413563f5a654b1bbdd83282cd3fc823; expires=Tue, 26 Sep 2023 21:50:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

172.67.13.182

200 OK

0 B

URL HTTP/2
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
172.67.13.182:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mynewsj.com
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 26 Sep 2022 21:50:39 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://mynewsj.com
set-cookie: zc=088ffde6-5fac-4755-688e-415ca1350dfd; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=a%B1BZ%98Y%D6%A8%BE%87%BC%CB%ED%15h%5C%5BxfL%3D%BB%9Bd%F2%B4%1C%CF%0D%3A%E8w%24%82%A4%BAG%F7%8D%95i%C9%9D%87%10%F7%805o%E1r%FDL%05%1BG%A7%DC%29g%23%0F%3D%AAbz0%09%974%05%D5%8F%E8%818ss%9E%DD_%9F%1F; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750f376a49b10b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/sms.svg

54.230.111.128

200 OK

0 B

URL HTTP/2
platform-cdn.sharethis.com/img/sms.svg
IP
54.230.111.128:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/sms.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mynewsj.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sun, 25 Sep 2022 03:57:25 GMT
cache-control: public, max-age=2592000
etag: W/"e7eca7e85a8b3599935b0649debb23f2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lH75F-qE1xVVbQ606n-h9oPRdfxmgih3AzjflCsHeRCxrOU2IQ3J-A==
age: 150815
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (59)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations