Report - go.goodlifestylenews.com/dummyarticleclickers_32435/5b2a1af1c55326397a0e2faee5402c42/55/leadsource/2411/1610/1aa24c8cf485966498af76e0d15bc8b3/mpmta/news/32435/17

Report Overview

Visited public
2023-12-09 01:03:39
Tags
URL
go.goodlifestylenews.com/dummyarticleclickers_32435/5b2a1af1c55326397a0e2faee5402c42/55/leadsource/2411/1610/1aa24c8cf485966498af76e0d15bc8b3/mpmta/news/32435/17
Finishing URL
subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
IP / ASN
172.67.172.49
#13335 CLOUDFLARENET
Title
Good Lifestyle News (MP) Flow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
subscribe.goodlifestylenews.com	unknown	2020-07-10	2023-01-18 00:53:40	2023-12-08 12:41:45	3.4 kB	78 kB	172.67.172.49
subscriberwelcome.com	unknown	2022-11-16	2022-11-16 14:05:54	2023-12-05 00:55:00	2.0 kB	2.9 MB	172.67.155.79
www.dropbox.com	1994	1995-06-28	2012-05-21 22:31:28	2023-12-07 18:12:32	1.1 kB	216 kB	162.125.71.18
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-08 05:13:57	1.0 kB	49 kB	151.101.1.229
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-08 05:47:56	449 B	94 kB	216.58.207.200
verifiedsecure.org	unknown	2015-12-08	2016-04-06 04:05:11	2023-12-08 12:41:54	882 B	38 kB	104.26.14.168
s3.us-east-1.amazonaws.com	4041	2005-08-18	2017-11-22 15:47:32	2023-12-06 21:04:12	5.0 kB	1.2 MB	16.182.71.216
verifiedwebpage.com	unknown	2022-03-23	2022-03-23 19:03:14	2023-12-08 05:51:23	632 B	1.1 kB	188.114.96.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-08 07:43:19	455 B	2.7 kB	216.58.211.10
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-08 08:34:59	458 B	34 kB	142.250.74.42
go.goodlifestylenews.com	unknown	2020-07-10	2022-06-02 23:11:17	2023-12-08 12:31:39	914 B	134 kB	104.21.30.61
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-08 07:46:22	545 B	17 kB	216.58.207.227
uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com	unknown	unknown	No data	No data	1.3 kB	427 kB	162.125.71.15

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-09 01:03:33	low	162.125.71.15	Client IP	ET INFO DropBox User Content Download Access over SSL M2

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-08	medium	goodlifestylenews.com	Sinkholed
2023-12-08	medium	goodlifestylenews.com	Sinkholed
2023-12-08	medium	goodlifestylenews.com	Sinkholed
2023-12-08	medium	goodlifestylenews.com	Sinkholed
2023-12-08	medium	goodlifestylenews.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3	ScriptElement	152 B	2023-06-01	2024-08-20
Pretty URL subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 19:31 Last Seen2024-08-20 18:28 Times Seen446 Hash f428121d5a5fef65b4475cd12946bc04 ee95d8f82bdc0b8001fd8ffa74edd84d5640aa87 a27ebc0bf8c54f5e2c909f78d326d964e1555bae0254d575f6511b0dcc92ae12 Loading...

	www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8	ScriptElement	280 kB	2023-12-09	2023-12-09
Pretty URL www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8 IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-09 02:03 Last Seen2023-12-09 02:03 Times Seen2 Hash 98389133036984ed384b002184f783cd 0624a2c439f2016240414890a6cb6dcdd82a0a8c 73ed158acbac1914f4b2a0a14ef4152fdfa9964b7c8bd83370604192597ec03f Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:18 Times Seen25105 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	subscribe.goodlifestylenews.com/jquery.caret.js	ScriptElement	2.4 kB	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/jquery.caret.js IP 172.67.172.49 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen502 Hash 35c3ec8db4ff6e862db42516436216a1 7d9d7731403868cc34edaad1d9e17311541a6f77 adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba Loading...

	subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js	ScriptElement	26 kB	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js IP 172.67.172.49 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 07:32 Times Seen504 Hash 0dbbb5873b895ea3be425af219cf85de 7b9dba563376d7dbd1c5b9b7064ab87eadad5591 02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b Loading...

	subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3	ScriptElement	194 B	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash d7ae17d684ddcfa308369e402855826d d6da811e60cab233619e114e823ab9db7242bd5d e42a64d5a754498cd56f9079fd8e341c480ea2a15a6060e00924814586f8c44f Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-08	2025-04-29
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:35 Last Seen2025-04-29 17:26 Times Seen795 Hash c5236e5d6a5d0ff97ff8c8e5102c6c03 6fbfdbddbe85c578de559adcc8d07cccbc16d514 87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65 Loading...

	subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3	ScriptElement	641 B	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash c2855664f7a14ee99090a0366d9d1e03 35ba8e0f5b5181a8df832c0e12774a761d465dda bf66df111d26d4ef5b3e5df0f4df141fe5d7632260cb83308bfed72caf323af0 Loading...

	subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty URL subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:18 Last Seen2024-08-20 16:18 Times Seen1 Hash c5e6d1bc72c604d86f00a492f0279fb7 85624bdbea8ab4796959c6f5c81da034b3c52577 5ae31da22bb0302e20398fce192c59898890cc594f44f3498714eb25cf1efb5a Loading...

HTTP Transactions (34)

URL IP Response Size

go.goodlifestylenews.com/

104.21.30.61

143 B

URL
go.goodlifestylenews.com/
IP
104.21.30.61:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text
Size
143 B (143 bytes)
Hash
f1fb042c62910c34be16ad91cbbd71fa
5bc7aceba9a8704ef4b1d427d7d08b140afcd866
9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: go.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 01:03:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Nov 2023 15:41:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVPRDCbAfbpupNrjK7j3w97rffLtW%2BeZjOjOkr7VjxLIbCkXRuBZiKzIW0QhTyFGytdh7PvpNKemLSM226FA6dRBKZYZmwiOH4DspE0Ej2QDiT3AHavsiAx%2Bl4ApLtVwAo6O8KC7eD02CZI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 832953f83b75b517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17

172.67.172.49

302 Found

38 kB

URL User Request GET HTTP/3
subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17
IP
172.67.172.49:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoodlifestylenews.com
Fingerprint6F:1A:61:CC:60:1F:26:F1:38:1B:42:D6:62:31:00:BC:39:7F:73:8B
ValidityFri, 24 Nov 2023 10:01:12 GMT - Thu, 22 Feb 2024 10:01:11 GMT

File type
data
Size
38 kB (37766 bytes)
Hash
4e59fad978c79d0ff3c6b8feddee672d
24a0322ad3963a7f6be92305b9f6ea70f1e9b46e
31a740424ada557a7f2cc331a5a9e0b48d7717ba52c9d93813d2e62714d6c582

HTTP Headers

GET /?email=barry@es.tv&redirect_id=32435&bid=17 HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Sat, 09 Dec 2023 01:03:22 GMT
content-type: text/html; charset=UTF-8
location: https://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b; path=/
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxBv2l4EEdSQhO9zbc7Y%2Ffc9%2F%2FiTBYGb2y03ab0wDKGUezHDDqBc1aD7aBRTD%2B9zXqpLLBAZJ0XXLxRlDLga%2BcN%2Fp5RyXuHqyH1VHNOjyiUiuzAQS6lw%2BSsdquoWjC2Qugrc%2F%2FqywY7As2OnBZwJQhss"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 832953efbd83712f-OSL
alt-svc: h3=":443"; ma=86400

subscribe.goodlifestylenews.com/jquery.caret.js

172.67.172.49

200 OK

716 B

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/jquery.caret.js
IP
172.67.172.49:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3

File type
ASCII text, with CRLF line terminators
Size
716 B (716 bytes)
Hash
35c3ec8db4ff6e862db42516436216a1
7d9d7731403868cc34edaad1d9e17311541a6f77
adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery.caret.js HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 01:03:24 GMT
Content-Type: application/javascript
Content-Length: 716
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT
Cache-Control: max-age=2592000
Expires: Wed, 03 Jan 2024 23:55:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 349704
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwbYkIvFJJ2UtuyZ%2BRri%2B4StgEVVE5AKGNJtKIBV6r5QpRZ111STKcMdg1uDFlhkU%2Frt1RhOVqh86reMFavKwjVTVUIZ0q2k64eJ%2BxvJoqmFvbxlhdo6a8mNR7ZLBHGhnR9suaEWp%2BXrfiAXBIaMpbIy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 832954053c4e7130-OSL
alt-svc: h2=":443"; ma=60

subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js

172.67.172.49

200 OK

4.4 kB

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js
IP
172.67.172.49:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3

File type
ASCII text
Size
4.4 kB (4430 bytes)
Hash
0dbbb5873b895ea3be425af219cf85de
7b9dba563376d7dbd1c5b9b7064ab87eadad5591
02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery.mobilePhoneNumber.js HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 01:03:25 GMT
Content-Type: application/javascript
Content-Length: 4430
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT
Cache-Control: max-age=2592000
Expires: Wed, 03 Jan 2024 23:55:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 349705
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Mbgpdf1aKzLWaEWj2md5YoGTE1pQ%2Bg0U%2BGFPfaSXqInPS%2BGbqeEOJkysztPdRAreD4Zu5BFL3dcZ88aoDRagaONPeDIIlAEV8awm2s1e2618y8F%2Baq4p4xTVi4A9wVhodqzzzmJtCemeJ%2FFDng9wSkn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83295405388fb515-OSL
alt-svc: h2=":443"; ma=60

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js

151.101.1.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (60201)
Size
17 kB (17366 bytes)
Hash
c5236e5d6a5d0ff97ff8c8e5102c6c03
6fbfdbddbe85c578de559adcc8d07cccbc16d514
87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"ec40-b7/b3b6FxXjeVZrcyNB8zLwW1RQ"
content-encoding: br
accept-ranges: bytes
date: Sat, 09 Dec 2023 01:03:25 GMT
age: 8797132
x-served-by: cache-fra-etou8220032-FRA, cache-bma1677-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17366
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css

151.101.1.229

200 OK

30 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
30 kB (30336 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: br
accept-ranges: bytes
date: Sat, 09 Dec 2023 01:03:25 GMT
age: 23198618
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1677-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

142.250.74.42

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 08 Dec 2023 14:46:38 GMT
expires: Sat, 07 Dec 2024 14:46:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 37007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8

216.58.207.200

200 OK

93 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8
IP
216.58.207.200:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (92994 bytes)
Hash
98389133036984ed384b002184f783cd
0624a2c439f2016240414890a6cb6dcdd82a0a8c
73ed158acbac1914f4b2a0a14ef4152fdfa9964b7c8bd83370604192597ec03f

HTTP Headers

GET /gtag/js?id=G-WJJ5P9F2X8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 09 Dec 2023 01:03:25 GMT
expires: Sat, 09 Dec 2023 01:03:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92994
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png

104.26.14.168

200 OK

251 B

URL GET HTTP/2
verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
IP
104.26.14.168:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint2F:25:93:6F:A7:DB:DD:73:E9:8A:15:34:D0:CD:1D:A9:ED:D3:06:A1
ValiditySat, 06 May 2023 00:00:00 GMT - Sun, 05 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
73816d82cca56c187674258ec5b7bd5a
cd989502a8b941226bb7e5ddc0ff0b62621e701f
cc2b540f494c9f0eb7c7f31880eec48518729e92ffa9e7081eb70193baa985a5

HTTP Headers

GET /uploads/0.442373001673954581K_Sa3Nyg.png HTTP/1.1
Host: verifiedsecure.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 09 Dec 2023 01:03:25 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
Cache-Control: max-age=14400
Expires: Sat, 09 Dec 2023 01:13:20 GMT
CF-Cache-Status: HIT
Age: 4
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQGs%2FQYHCRX%2FvnjKQlgT3FBdSdIfotkvPcP7AH7Dv5D9i9BdEhQkG%2FDzOh8Dya%2B3TgcQjP0ODEJ2P5eaEihsiHCwxrLbNKe%2F%2Fx3rr2ODhNDWiqSRTImwLMIjFUIosW85cWcYzg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 832954061fb8b4f9-OSL
alt-svc: h2=":443"; ma=60

subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg

172.67.155.79

200 OK

400 kB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2550x3300, components 3\012- data
Size
400 kB (400505 bytes)
Hash
b9a9621a927a5b9a9c71fdbb53bf8991
9c4cc398edb33da6a79e62701867cbf7fed4056d
d0342e1b39e1c9b80bfb574b18e0a5d9f9cf00e00ca7cf3b2ce1ded70f3bb9ab

HTTP Headers

GET /uploads/0.204734001673521892LifeAfterUkraine.jpeg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 01:03:25 GMT
content-type: image/jpeg
content-length: 400505
last-modified: Thu, 12 Jan 2023 11:11:32 GMT
cache-control: max-age=2592000
expires: Tue, 26 Dec 2023 04:19:52 GMT
cf-cache-status: HIT
age: 1111412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXXg3WMXvSVKccFw5xfjl1zTxnVKer1IjXeLNscj%2BwrBY1FqYqYCWboA8lw%2Fj1BavVGClBEg6vUSJUD1%2BymhZosWONEC8oQfDIw0CTgIVazSs%2FUjPyQwXLfGxtDGzIEsuWmeQgFapdo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8329540669ea56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg

172.67.155.79

200 OK

144 kB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 966x1449, components 3\012- data
Size
144 kB (144253 bytes)
Hash
e7eb0da863b2d3ead5846cdc3263a233
138225ea3d8ff08f07b046b858bf46bf2bba2e96
ff19a64983ac2748d6b8361212f1fc41814e1acd0d157ee9c736bbd2a4a03180

HTTP Headers

GET /uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 01:03:25 GMT
content-type: image/jpeg
content-length: 144253
last-modified: Mon, 20 Feb 2023 15:41:11 GMT
cache-control: max-age=2592000
expires: Sun, 07 Jan 2024 11:41:54 GMT
cf-cache-status: HIT
age: 48091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8g3pspTYgmf%2FTqyRi5%2BG0vXREJRNKcAq%2FYcWbiJnL1DaQeD69GwUBT2UA1iKJdJ4gWf6oXBj2SWe6uLjUD9Tqpn2o40A5ELUyaFboYFh8co4n%2FPthiyCQJ3q2RXP2JYnXwrAlFfcOOo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83295406ba0f56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg

172.67.155.79

200 OK

1.1 MB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:10 16:36:41], baseline, precision 8, 1800x2700, components 3\012- data
Size
1.1 MB (1114284 bytes)
Hash
b02e84cdcd5a3e55ded5e64dfd307124
bfaad4b8b4b1b1fafffeda314b8868c94e7280c8
d67985993c18e2a7b22a4193c0613a65096b3376d64539feb646739798d2cf5c

HTTP Headers

GET /uploads/0.1663680016738854302D2(1).jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 01:03:25 GMT
content-type: image/jpeg
content-length: 1114284
last-modified: Mon, 16 Jan 2023 16:10:30 GMT
cache-control: max-age=2592000
expires: Sun, 31 Dec 2023 20:39:28 GMT
cf-cache-status: HIT
age: 620637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJvCsqsM8XE9monALyskh4zhKadioVB6%2FJIjBJWvzE3LqR%2FRi1e3mDi8TcQgNDP96Gl2dli6VXOxwzxh7orof64lYzxaiDAo5GHJAcDiHNSgHeHG8tV98uT4aIbzcUu0q1Lq6FXP2bw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8329540669eb56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg

172.67.155.79

200 OK

1.3 MB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:07 00:05:06 DIY-Thermocam raw data\012- (Lepton 2.x), scale 10000-0, spot sensor temperature 0.000000, unit fahrenheit, color scheme 0, calibration: offset 0.000000, slope 795520.062500], baseline, precision 8, 1800x2700, components 3\012- data
Size
1.3 MB (1288007 bytes)
Hash
91e68c3d20f4e55b01fdbaa834b4e4e6
e54e4ea7f042d2124aa1be976a6fe9d708bb4f9f
3cab775e25b68c23b905d547373476f046b0101e7cfdbd6f016e302f5a429988

HTTP Headers

GET /uploads/0.1721950016738853872D1(1).jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 01:03:25 GMT
content-type: image/jpeg
content-length: 1288007
last-modified: Mon, 16 Jan 2023 16:09:47 GMT
cache-control: max-age=2592000
expires: Sun, 07 Jan 2024 11:41:54 GMT
cf-cache-status: HIT
age: 48091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSchFC5PBR4Fo08uzCdO9EhriC813P5FXb0lrO9bPSl8sBJLtFwb23E2vIjBgffJBMCqMdzSGxB0PvnLUfuJEK5EAIa2kIWXE2SMFMX0McgP%2BxtlYC1eHl3U%2FJu%2FvNgIbNi8L%2BRwe94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8329540669f056ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png

104.26.14.168

200 OK

36 kB

URL GET HTTP/2
verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
IP
104.26.14.168:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint2F:25:93:6F:A7:DB:DD:73:E9:8A:15:34:D0:CD:1D:A9:ED:D3:06:A1
ValiditySat, 06 May 2023 00:00:00 GMT - Sun, 05 May 2024 23:59:59 GMT

File type
PNG image data, 3369 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size
36 kB (35781 bytes)
Hash
724c1e2ab214eefe0271ee598af8749a
b99bb085dd791488b061c423223318345c590f24
bba2a6dbda4e6833f68c21d84c0f9a09180ae9595b238c982da300cf448ab78c

HTTP Headers

GET /uploads/0.442373001673954581K_Sa3Nyg.png HTTP/1.1
Host: verifiedsecure.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 01:03:25 GMT
content-type: image/png
content-length: 35781
last-modified: Tue, 17 Jan 2023 11:23:01 GMT
cache-control: max-age=2592000
expires: Tue, 26 Dec 2023 04:19:54 GMT
cf-cache-status: HIT
age: 1111412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JolWoAL7z5zyI4Og707aYlQOknyZ7tFw8kXeQNzY1TgrN334Y5KFDW%2Fw%2BV68%2FbRUEZZTsY4h%2FOB1oasQnwNFPtdALytM6mDTzDwy1G%2Bx6nQsTlPScyAIHrHVAZpPYh1qfKYr8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 83295408d818b500-OSL
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:57:34 GMT
expires: Fri, 06 Dec 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 158751
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s3.us-east-1.amazonaws.com/autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db

16.182.71.216

200 OK

31 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 728x486, components 3\012- data
Size
31 kB (31148 bytes)
Hash
7fb2f8f581663a0e573c66ad0597d0ba
a7f1ab970ce626a582e2e278c679ffad6d54cfa6
4596be2b7dc04469d0037ba9877e7beade69f745b17c52d3b92196ad1495dc30

HTTP Headers

GET /autonewsuploads/BioComplete11231.jpg6471c195d79d29068773ef1f45f2a6e81701260831af28d1f510bac22d9ce0ee94a2d460db HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: uhzVXnQY/nhsSaVLlJKDqQcjPareGEGp4Cn/xzvnUEuVVB4yVZ/4XCyD5hXRqanMrR83bNsrRWc=
x-amz-request-id: 018D6JVM6J9V8XNM
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Wed, 29 Nov 2023 12:27:10 GMT
ETag: "7fb2f8f581663a0e573c66ad0597d0ba"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 31148

s3.us-east-1.amazonaws.com/autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39

16.182.71.216

200 OK

62 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "Converted from WebP to JPG using ezgif.com", baseline, precision 8, 1280x918, components 3\012- data
Size
62 kB (61682 bytes)
Hash
69ffe21ab69a1f498139801e2fc5f354
191bbdbe52cadfe052b4e47b939ad7153b30b7a5
3e0ffd80bd501e99f6b6ba95b9702232a54576fce0335989ad12947e42b68f9a

HTTP Headers

GET /autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 28rY5h1KUxyTsIXzI3nwgZMG6l3nUucsH27g5oOJq/y9kGcLwp0pdQj6RSDxDA8W/oK2EJQbMeY=
x-amz-request-id: 0183SYMKH7YJ5H2G
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Wed, 20 Sep 2023 10:35:55 GMT
ETag: "69ffe21ab69a1f498139801e2fc5f354"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 61682

s3.us-east-1.amazonaws.com/autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e

16.182.71.216

200 OK

7.4 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 275x183, components 3\012- data
Size
7.4 kB (7411 bytes)
Hash
aefbfa5028cf4f49960baf1f0ac4fb01
bfa2ff78725054e6c544c180b4da32b57450f62b
fa41866d7c80c8076fea67cdc7e643e59c73bbb99a7d410b667b937ae5c6e12e

HTTP Headers

GET /autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 3EzUseF7oWT/dFF9U2MVzTFSMxSxoXsWEPrUv7/G8ORGLhZIgnLYNWpr/gUKVjlZfdDUIodN4dc=
x-amz-request-id: 018FQH6JEBQRA0JQ
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Mon, 16 Oct 2023 12:25:58 GMT
ETag: "aefbfa5028cf4f49960baf1f0ac4fb01"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 7411

go.goodlifestylenews.com/dummyarticleclickers_32435/5b2a1af1c55326397a0e2faee5402c42/55/leadsource/2411/1610/1aa24c8cf485966498af76e0d15bc8b3/mpmta/news/32435/17

172.67.172.49

302 Found

132 kB

URL User Request GET HTTP/2
go.goodlifestylenews.com/dummyarticleclickers_32435/5b2a1af1c55326397a0e2faee5402c42/55/leadsource/2411/1610/1aa24c8cf485966498af76e0d15bc8b3/mpmta/news/32435/17
IP
172.67.172.49:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoodlifestylenews.com
Fingerprint6F:1A:61:CC:60:1F:26:F1:38:1B:42:D6:62:31:00:BC:39:7F:73:8B
ValidityFri, 24 Nov 2023 10:01:12 GMT - Thu, 22 Feb 2024 10:01:11 GMT

File type
JPEG image data, baseline, precision 8, 1024x683, components 3\012- data
Size
132 kB (132289 bytes)
Hash
5c7ee292cc6ee583183a747ee633a2c5
3501dc74290adba0f4bf1be172e9007414befcc7
0beb6a437780888b236b0b769449e5bb99d4afbacf17fe26539759932d33654f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dummyarticleclickers_32435/5b2a1af1c55326397a0e2faee5402c42/55/leadsource/2411/1610/1aa24c8cf485966498af76e0d15bc8b3/mpmta/news/32435/17 HTTP/1.1
Host: go.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 09 Dec 2023 01:03:20 GMT
content-type: text/html; charset=UTF-8
location: https://verifiedwebpage.com/go?ehash=5b2a1af1c55326397a0e2faee5402c42&product=35752&ar=55&cid=2411&lid=1610&slhash=1aa24c8cf485966498af76e0d15bc8b3&redirect_id=32435&bid=17
cache-control: max-age=600
expires: Sat, 09 Dec 2023 01:13:19 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FZVaIoOFftvus%2BdtPK4OrwJnNY2xiztxzGPPFHpJpDoY6yGaNN6OUUtMDa0sZKvC%2FkKd5pFMZ%2F7kXkP7Sm%2F404XhwS8PYrWYqQXEskMpasEtwYarEBVAbvgW5897cYKHAg1AN5yeqNJM8sU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 832953e5fab75695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s3.us-east-1.amazonaws.com/autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c

16.182.71.216

200 OK

120 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1024x683, components 3\012- data
Size
120 kB (120079 bytes)
Hash
147bcbb296c532e91d8ba5f5fa0776bc
e1d6b7e5283813469e76d4f006e356d46380c231
0cf3b94b4135f6ed622b0a35696018ce664ef0edb7cfde8925b59bf30ebcaef0

HTTP Headers

GET /autonewsuploads/Flexafen0923.jpg24105fea5d2cbc4f99663ebf8efb1965169771410322b1d7795f57a8bff650154b90857b9c HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Qk959I2ajwq2AMbB/9fO9UiI20UYYgdGk3yzfTbXThpAAK3ujpw4ks2X6dTTn1DQbg2Uua4DxZI=
x-amz-request-id: 018CSWQKFP26AXDY
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Thu, 19 Oct 2023 11:15:02 GMT
ETag: "147bcbb296c532e91d8ba5f5fa0776bc"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 120079

s3.us-east-1.amazonaws.com/autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c

16.182.71.216

200 OK

204 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 1406x874, components 3\012- data
Size
204 kB (203815 bytes)
Hash
6a6adfe1bedc4da72b469a28d4e46116
3de5b170433f48069754754669399303541edd93
78072f4da7459db2a9a896a335a876ccf2b0cbc20b4cd06674bf8ceacf41e499

HTTP Headers

GET /autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TGhK5db4gqyBmwgwNWlf33SZ4q37fRth6yWOqj9BdVV/orOofbAVc9inijIHFlRDv5fe5SIONfo=
x-amz-request-id: 0183TQN1Y047QPW2
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Thu, 18 May 2023 11:46:53 GMT
ETag: "6a6adfe1bedc4da72b469a28d4e46116"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 203815

s3.us-east-1.amazonaws.com/autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a

16.182.71.216

200 OK

231 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
PNG image data, 1782 x 531, 8-bit/color RGB, non-interlaced\012- data
Size
231 kB (230697 bytes)
Hash
ffcc0938460c10b288e32060977a8eb2
2717fa86974c516b46f54ec978473ea78ff66179
6414a8bcdf55e29557d06a716e8b54797735bc415e781d457d6b146eabccbe03

HTTP Headers

GET /autonewsuploads/MWLDark11231.png05e169c244ee73c9146485c1094a75c41701177138d8e903bca5ca5023879538c4f672ec1a HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 5SEJG0XmRcR6ozxRgxsjgOW47Jj6ffhlQDMQbmJFscPzIymwfuHl82mdAfpDRP4cv6OdHhBk4Us=
x-amz-request-id: 018E0PXNNV5DZZTF
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Tue, 28 Nov 2023 13:12:20 GMT
ETag: "ffcc0938460c10b288e32060977a8eb2"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 230697

s3.us-east-1.amazonaws.com/autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3

16.182.71.216

200 OK

134 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 1023x819, components 3\012- data
Size
134 kB (134207 bytes)
Hash
becdf93dc43f24fb0ff3f43e2b90fd2e
4345bb2bbd92eee71e9cf26a2043255de44e80b5
61ce6d67e1a594135330a6a8a1f17ff27d0adbfe00d7dd32fc0cdb8644fdaa22

HTTP Headers

GET /autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ckcTUYI0H+g5auT+djOIuQf6T12G9gcSMFYP/4NY5sM3SVpqqvn6L9uWfx3FHevsLURXpat+120=
x-amz-request-id: 0186BNS8JR0SG7R1
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Tue, 28 Nov 2023 12:47:59 GMT
ETag: "becdf93dc43f24fb0ff3f43e2b90fd2e"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 134207

s3.us-east-1.amazonaws.com/autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6

16.182.71.216

200 OK

238 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1024x683, components 3\012- data
Size
238 kB (238484 bytes)
Hash
7cd76f96de3fb0e688dbfdafb56a0f6b
c4bad117d40060ed4283626d1f653d755e21d372
0972fe50db49f3f941e277442292331790f6ee7c1d4ba0c746d8914b3a6ffe42

HTTP Headers

GET /autonewsuploads/48840943791_d5e5b61c77_b.jpg1297b512d8662dfc3d25bd3ed04913e4170126007173095a81318d6711280b20d78087dea6 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Y71B+h88PmXYJ45Jf2X4zdpDCjqw5n2dE38MlVJfdu3Hs4iX4Qje0s3wb5SMZlRcs2ZKUj3hxmc=
x-amz-request-id: 0180TGT0CQ2N1Z90
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Wed, 29 Nov 2023 12:14:29 GMT
ETag: "7cd76f96de3fb0e688dbfdafb56a0f6b"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 238484

subscribe.goodlifestylenews.com/favicon.ico

172.67.172.49

404 Not Found

238 B

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/favicon.ico
IP
172.67.172.49:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b; _ga_WJJ5P9F2X8=GS1.1.1702083812.1.0.1702083812.0.0.0; _ga=GA1.1.678782140.1702083812
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 09 Dec 2023 01:03:26 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRDEabM3e%2BzBLuI9hvPTBnPHFVVM6YmxAiOB5zGEyIVFL8IbGj79rO9FZi7ANHvaxktPP8ILvGoa5x6tKz8YP0UY7sUE2Wx6U3MuVpBeQRiDWmg5hfd3AqwBcEtsQb1YXInBbRj%2BetBYKEC5SA3RPpI5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8329540d2cbcb515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg

162.125.71.18

302 Found

773 B

URL GET HTTP/2
www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg
IP
162.125.71.18:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerDigiCert Inc
Subject*.dropbox.com
Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43
ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
773 B (773 bytes)
Hash
d9aeae4084d8fc36d008bf71f5859399
378b3d11606cd09ace5bdffaa90cf128cb30d4bc
9dbeecaf288457d1ed0366f5ab7f8da790f15a0113fca7663e1c81a4b775b26a

HTTP Headers

GET /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Cookie: gvc=MTE3NjQxNzMxMjE1Nzc5NzY3ODYzOTM4NDQ3MDIwMzY5NzMzNDQ1; t=WphrGaW3zr6HlJI8mwxCZ-Zh; __Host-js_csrf=WphrGaW3zr6HlJI8mwxCZ-Zh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-security-policy: sandbox
location: https://uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com/cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1#
referrer-policy: strict-origin-when-cross-origin
set-cookie: t=WphrGaW3zr6HlJI8mwxCZ-Zh; Domain=dropbox.com; expires=Tue, 08 Dec 2026 01:03:26 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=WphrGaW3zr6HlJI8mwxCZ-Zh; expires=Tue, 08 Dec 2026 01:03:26 GMT; Path=/; SameSite=None; Secure
__Host-ss=FxUAz26__g; expires=Tue, 08 Dec 2026 01:03:26 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
__Host-logged-out-session=ChCz1jGlBMjYrPcGKh9jh5%2FoEN35zqsGGi5BSVpraVdsS05LVVUzQnpoTXNhRVVNU1p5dFhOYy04OENwc3JhTDhLVDJxTWR3; HttpOnly; Path=/; SameSite=None; Secure
locale=en; Domain=dropbox.com; expires=Thu, 07 Dec 2028 01:03:26 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Sat, 09 Dec 2023 01:03:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: b6aa116eb79d421f8033c78fe0e7f47e
X-Firefox-Spdy: h2

uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com/cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1

162.125.71.15

213 kB

URL
uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com/cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
213 kB (212787 bytes)
Hash
670520755720fa053a763b3c20791e04
7dc82546a7444f1e3ed621b703024e560869fb67
eb16e6d2538f2306436b16cb9df8141305667c8c85bccea6be19ce148f1e23d0

HTTP Headers

GET /cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1 HTTP/1.1
Host: uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="BidenBucks07#7.jpg"; filename*=UTF-8''BidenBucks07%237.jpg
content-security-policy: sandbox
etag: 1675266162900395d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 155
x-webkit-csp: sandbox
content-type: application/binary
date: Sat, 09 Dec 2023 01:03:26 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 212787
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2cbfb89de59a4c94867a9f335e28821b
X-Firefox-Spdy: h2

subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3

0.0.0.0

0 B

URL User Request GET
subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
IP
0.0.0.0:0
ASN
#0

Certificate
IssuerGoogle Trust Services LLC
Subjectgoodlifestylenews.com
Fingerprint6F:1A:61:CC:60:1F:26:F1:38:1B:42:D6:62:31:00:BC:39:7F:73:8B
ValidityFri, 24 Nov 2023 10:01:12 GMT - Thu, 22 Feb 2024 10:01:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3

172.67.172.49

200 OK

30 kB

URL User Request GET HTTP/1.1
subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
IP
172.67.172.49:80
ASN
#13335 CLOUDFLARENET

File type

Size
30 kB (30421 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3 HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=29a9588e59a28301a9da6bfb05086a9b
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 01:03:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENxta1nzuP6NY2%2F4fKlrjX%2FcALGMmKQ536LjibDuJ9Kikfy5coUvAfYtjo%2FDeWsltey2vZBTWIdvBO3U2vi9lricr8CEPtfOJAvn6RbBGYkNC%2Bkv5fU35vvHNVyJkfP6yoDNrXnlqxUY%2Bb%2FDghCI7PBh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 832953fcaf047130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

s3.us-east-1.amazonaws.com/autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154

16.182.71.216

200 OK

132 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154
IP
16.182.71.216:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1024x683, components 3\012- data
Size
132 kB (132289 bytes)
Hash
5c7ee292cc6ee583183a747ee633a2c5
3501dc74290adba0f4bf1be172e9007414befcc7
0beb6a437780888b236b0b769449e5bb99d4afbacf17fe26539759932d33654f

HTTP Headers

GET /autonewsuploads/6113249083_c4897d4d26_b.jpgedc47e0b215871c243eb5cd4c05f658e16971999207efe880183ffa7e938e512d5ae698154 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: cd9vnW0nNLv487meNubQ4ikqPe0nPLzH555+dRL/azrQ+06eYfnsT3JKm9yW3omzGMiRvMjKq/A=
x-amz-request-id: 0180D5P0WP6FV4EA
Date: Sat, 09 Dec 2023 01:03:26 GMT
Last-Modified: Fri, 13 Oct 2023 12:25:21 GMT
ETag: "5c7ee292cc6ee583183a747ee633a2c5"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 132289

verifiedwebpage.com/go?ehash=5b2a1af1c55326397a0e2faee5402c42&product=35752&ar=55&cid=2411&lid=1610&slhash=1aa24c8cf485966498af76e0d15bc8b3&redirect_id=32435&bid=17

188.114.96.1

302 Found

0 B

URL User Request GET HTTP/2
verifiedwebpage.com/go?ehash=5b2a1af1c55326397a0e2faee5402c42&product=35752&ar=55&cid=2411&lid=1610&slhash=1aa24c8cf485966498af76e0d15bc8b3&redirect_id=32435&bid=17
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectverifiedwebpage.com
Fingerprint0D:F8:EF:F4:23:CD:FB:7E:DE:C7:29:3C:B4:F7:A4:CE:6A:FB:89:AB
ValiditySat, 14 Oct 2023 13:52:56 GMT - Fri, 12 Jan 2024 13:52:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go?ehash=5b2a1af1c55326397a0e2faee5402c42&product=35752&ar=55&cid=2411&lid=1610&slhash=1aa24c8cf485966498af76e0d15bc8b3&redirect_id=32435&bid=17 HTTP/1.1
Host: verifiedwebpage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 09 Dec 2023 01:03:21 GMT
content-type: text/html; charset=UTF-8
location: https://subscribe.goodlifestylenews.com?email=barry@es.tv&redirect_id=32435&bid=17
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=2b9fae0bf3886b30dda4f53a446cd156; path=/
pixel_session_hash_35752=3415259331988425410; expires=Mon, 08-Jan-2024 01:03:20 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_35752=7efdbd04e24affdb86bacc9876b912de479ede8499fb2de2dccf907f106efdbe; expires=Mon, 11-Dec-2023 01:03:20 GMT; Max-Age=172800
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ye5KAaJOFtdatn5K8PbNIq3rDGeHKmNi%2BqIvnYc1ds16b%2FRJoXwi28KNphphahKg%2B8UjDyGFgj0QKhRilO1bifzZJsKQkO7ykHnkrzRmMz3pisz%2F%2FTtc5MTeLHcmv26u34w%2F%2Ba6L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 832953ea8f977127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto

216.58.211.10

200 OK

2.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (2158), with no line terminators
Size
2.1 kB (2102 bytes)
Hash
7fad5e7e182f10e7ece237afa8caae03
3e446dd2d5f5a34d3e6a55063ef740fe292a42a1
5b353f7d4f4359ff0b19d42c322ddf1e4cb8b350644d3c7daefc39739ba114f0

HTTP Headers

GET /css?family=Roboto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 09 Dec 2023 01:03:25 GMT
date: Sat, 09 Dec 2023 01:03:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1

162.125.71.18

302 Found

213 kB

URL GET HTTP/2
www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1
IP
162.125.71.18:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerDigiCert Inc
Subject*.dropbox.com
Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43
ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type

Size
213 kB (212787 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1 HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=MTE3NjQxNzMxMjE1Nzc5NzY3ODYzOTM4NDQ3MDIwMzY5NzMzNDQ1; Path=/; Expires=Thu, 07 Dec 2028 01:03:25 GMT; HttpOnly; Secure; SameSite=None
t=WphrGaW3zr6HlJI8mwxCZ-Zh; Path=/; Domain=dropbox.com; Expires=Tue, 08 Dec 2026 01:03:25 GMT; HttpOnly; Secure; SameSite=None
__Host-js_csrf=WphrGaW3zr6HlJI8mwxCZ-Zh; Path=/; Expires=Tue, 08 Dec 2026 01:03:25 GMT; Secure; SameSite=None
__Host-ss=FxUAz26__g; Path=/; Expires=Tue, 08 Dec 2026 01:03:25 GMT; HttpOnly; Secure; SameSite=Strict
locale=en; Path=/; Domain=dropbox.com; Expires=Thu, 07 Dec 2028 01:03:25 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noimageindex
x-xss-protection: 1; mode=block
date: Sat, 09 Dec 2023 01:03:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: envoy
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 855a869b1e9649be8c1c20d0f89e77a5
X-Firefox-Spdy: h2

162.125.71.15

200 OK

213 kB

URL GET HTTP/2
uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com/cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1
IP
162.125.71.15:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=barry@es.tv&redirect_id=32435&bid=17&ses_id=fe1253d7ae6d66d38039dcaaaa5f00c3
Certificate
IssuerDigiCert Inc
Subjectdl.dropbox.com
FingerprintF7:BA:5F:D1:73:A5:04:E6:AC:52:C4:92:6F:20:23:8D:FD:B3:3F:D0
ValidityTue, 14 Feb 2023 00:00:00 GMT - Sat, 16 Mar 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
213 kB (212787 bytes)
Hash
670520755720fa053a763b3c20791e04
7dc82546a7444f1e3ed621b703024e560869fb67
eb16e6d2538f2306436b16cb9df8141305667c8c85bccea6be19ce148f1e23d0

HTTP Headers

GET /cd/0/get/CJBCYxJQfn_ZmbVCIU9FJepTiKWUv_DbzUHhCFimnPZ9CangnQw4pUKuq1uZUIJ2L-DYClIPy7VaBBL7Pw2Ib6mfPoZnpVfnrIJdF2BvwxlipwGqNuzzpOUUTZtb8P09hvFZW3gPWOJNts3MkgStXt4p/file?dl=1 HTTP/1.1
Host: uc552e3377e7d1801d39d537a708.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="BidenBucks07#7.jpg"; filename*=UTF-8''BidenBucks07%237.jpg
content-security-policy: sandbox
etag: 1675266162900395d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 155
x-webkit-csp: sandbox
content-type: application/binary
date: Sat, 09 Dec 2023 01:03:26 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 212787
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2cbfb89de59a4c94867a9f335e28821b
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (34)

URL

IP

ASN