r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3783
Expires: Mon, 05 Dec 2022 05:06:10 GMT
Date: Mon, 05 Dec 2022 04:03:07 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1867
Cache-Control: max-age=111557
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:07 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:02:24 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 03:20:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2575
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4881
Expires: Mon, 05 Dec 2022 05:24:28 GMT
Date: Mon, 05 Dec 2022 04:03:07 GMT
Connection: keep-alive
cnews6.com/
63.250.43.138 301 Moved Permanently 0 B IP 63.250.43.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://cnews6.com/
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hyNp7UXbnxSqnvmZ7gdagg9ceRCfngbu6PWL/1hFrDdjbmagpH2/pPYljYU77x8vKU44+8aZCOA=
x-amz-request-id: ZT90G68CWMKNDH00
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 03:47:49 GMT
age: 918
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:03:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 03:08:58 GMT
cache-control: public,max-age=3600
age: 3250
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash c710d2c602649e35a7d048ceaced3401
7cefc4677aaf0127ad4afce9a6562a4f7a63fcd6
0846c5d9158af0e09919e066b68ac967ba889f789e463bde36659c695c07711c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 15:13:36 GMT
Expires: Sun, 11 Dec 2022 15:13:35 GMT
Etag: "7cefc4677aaf0127ad4afce9a6562a4f7a63fcd6"
Cache-Control: max-age=558026,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3e72d6fb524-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1868
Cache-Control: max-age=106491
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:08 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:37:59 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
cnews6.com/
63.250.43.138 200 OK 11 kB IP 63.250.43.138:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 5175c9532da9a3ebbe2c6c7d97d83d3d
a2784c2d82203b5a606f0ffe5047bc51de800ce0
474c1d5a16155bcbf0d82abace968bc8e1d368f63446b1bb9e9b46863e339d1c
GET / HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://cnews6.com/wp-json/>; rel="https://api.w.org/"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 10551
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 4b47c3ad65c6a8c349eaf6c53d406ab4
7fef8f970045fb03c262fad624ef7d6c2949c3f2
1725fbf6f969a67cf473cff43e589f8e63603a7297e1105b8cc32c321ae9699c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 831
Cache-Control: max-age=121673
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:08 GMT
Etag: "638ca286-116"
Expires: Tue, 06 Dec 2022 13:51:01 GMT
Last-Modified: Sun, 04 Dec 2022 13:37:10 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
push.services.mozilla.com/
54.148.53.106 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.53.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: emoMKV1KodRJQI6fl8IWlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ffxPMWU2eaOUr1FycrPMK3XE0/o=
cnews6.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
63.250.43.138 200 OK 12 kB URL HTTP/2 cnews6.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 63.250.43.138:0
File type ASCII text, with very long lines (47826)
Hash 981383d43a7adb38d6c2bf5286dcd065
e41871905868763178f7d8127e3dfb87909f108f
fceb208fc5a1581abc1926596d5f59fa41e7a7d72027b563303b445cdf7ed126
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
vary: Accept-Encoding
etag: W/"6385ea9b-172a9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 12518
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/css/fonts.css
63.250.43.138 200 OK 455 B URL HTTP/2 cnews6.com/wp-content/themes/hitmag/css/fonts.css
IP 63.250.43.138:0
Hash 5f2e85bcd731b259b4aa6a75bdc072d3
23a93594c7c70535cc6591da4ec4a330c4d01cab
f7620f9f7e578cda469a1abd75d6e164c069bcf4ab573de930355362cb45dd47
GET /wp-content/themes/hitmag/css/fonts.css HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-d5a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 455
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/style.css?ver=6.1.1
63.250.43.138 200 OK 13 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/style.css?ver=6.1.1
IP 63.250.43.138:0
File type ASCII text, with very long lines (659)
Hash f7253a622df81af966d929e87add4cb1
380351d3173a93687da9ed668f00c47ee1ce5119
51412b380c732500e795e5aa36604f7b0e38ca22c31bbd3a2e15512d0007203d
GET /wp-content/themes/hitmag/style.css?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-11130"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 12812
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
63.250.43.138 200 OK 31 kB URL HTTP/2 cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 63.250.43.138:0
File type ASCII text, with very long lines (65447)
Hash 2eccf707201b564e5e0cc3637fe4fd79
13b3ab2c399a84808e8fd6a2c795a6a49f5090a4
fb2e62f5864ef969b2d586b0e589fc81d7689038cd54a90fbca4b463e0ca6261
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
vary: Accept-Encoding
etag: W/"6385ea9b-15e54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 31038
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-includes/css/classic-themes.min.css?ver=1
63.250.43.138 200 OK 217 B URL HTTP/2 cnews6.com/wp-includes/css/classic-themes.min.css?ver=1
IP 63.250.43.138:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
content-length: 217
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
etag: "6385ea9b-d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
63.250.43.138 200 OK 7.1 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
IP 63.250.43.138:0
File type ASCII text, with very long lines (30837)
Hash 0ebb760c7d229fd1d2b3a63493306569
58961c039962ea4f5215caa2e0127a8658bcf847
18eecad8f04af6784d466cd2cad0337dea530bef457e6a7b3da473eea589b134
GET /wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-7918"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 7050
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
63.250.43.138 200 OK 4.2 kB URL HTTP/2 cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 63.250.43.138:0
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 13:01:54 GMT
vary: Accept-Encoding
etag: W/"62a9d842-2bd8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 4169
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215
63.250.43.138 200 OK 416 B URL HTTP/2 cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215
IP 63.250.43.138:0
Hash e6f53264ebf762f651ef3c426aba7d7a
c94c31f4cdc7976febd8b722771d433fcd460d87
e5dab0bbdb24e72cded213dba7acb5e41a11e2a317279a046e402d1146512404
GET /wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-2ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 416
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg
63.250.43.138 200 OK 53 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:05:01 09:03:29], baseline, precision 8, 348x215, components 3; data
Hash 4deaeec3b24772616a8291c902015eb5
e62b4efacb0cea76cc232bbebb5e1ef6fa821841
6dd3fe0f60d397489cbd77c045bb5eea06ee41b74ecdd8e18fa7bd77539a8bac
GET /wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:52 GMT
content-type: image/jpeg
content-length: 53060
last-modified: Mon, 05 Dec 2022 04:01:24 GMT
etag: "638d6d14-cf44"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 76
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215
63.250.43.138 200 OK 1.4 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215
IP 63.250.43.138:0
Hash 35fdb76fc8e506633f47811c1b230c24
ece4f110b59319275e869345a122db43be784e51
5082959004f8a45ee0f6093b9d7f86e00e328f120342c0f1455fef3278be8672
GET /wp-content/themes/hitmag/js/navigation.js?ver=20151215 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-f05"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 1356
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
63.250.43.138 200 OK 5.0 kB URL HTTP/2 cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 63.250.43.138:0
File type ASCII text, with very long lines (15660)
Hash 1b982d290af16dac5885f21a198aaa66
f847ca85d23c2f240938bbde0135f3de97925759
0b6e238cc0728a0bace390dfff472ff8bb5a5fd4714bcfcdac7c28621d67b8dc
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 13:01:54 GMT
vary: Accept-Encoding
etag: W/"62a9d842-48b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 5004
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1
63.250.43.138 200 OK 579 B URL HTTP/2 cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1
IP 63.250.43.138:0
File type ASCII text, with CRLF line terminators
Hash a36d4322ed87b11cd05a5fbf9d3135bc
bd8cca6629629708ec5054bd6c25fc2a9d2bb036
bb9a754b70d6ba81817318910d9af6a4d9efeffcd026388f9eec5a6822fd9d5f
GET /wp-content/themes/hitmag/js/scripts.js?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-549"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 579
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ea9b6b94ec4246f881cb1c742294c0f9
36cd3e7fd45c60d35a85371845f43913e677f2ec
0a77f69ec7f0062a734228f232388597b8a48a027c412280fa4e1a91bb2af5c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A77F69EC7F0062A734228F232388597B8A48A027C412280FA4E1A91BB2AF5C7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1826
Expires: Mon, 05 Dec 2022 04:33:35 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2
63.250.43.138 200 OK 29 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 29320, version 1.0\012- data
Hash 523215f3b621ae9406e84e39e7976e67
3ff9b171c3ccbd71c73121b803da01b62c033ed9
78cfcd698660fe6904cdccf493e82f639a1a08707c35df07be4566e511bb04cc
GET /wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 29320
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-7288"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/fonts/lato-regular-latin.woff2
63.250.43.138 200 OK 24 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/lato-regular-latin.woff2
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /wp-content/themes/hitmag/fonts/lato-regular-latin.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 23580
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-5c1c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/JNJj-Xek6-M
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/JNJj-Xek6-M
IP 142.250.74.131:0
Hash 2c4b9a6ba0ca96d140a1c99eab66eae3
798c3e78e1289c4b7dc840b94675605b45abd0ba
93c046dff80a46cf3f82622a4206f902793589ac0865a0a0f72c59cc28e0d027
POST /s/gts1p5/JNJj-Xek6-M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cnews6.com/wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2
63.250.43.138 200 OK 19 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 18992, version 1.0\012- data
Hash 8b1081927e10196dfa2642487a7b2e8c
b9b32eabae814e96e10c20e43d87a5cafc4dc0d4
c3980ea8f019855a578aef98e57530e78df585bce65b79b9f86a3356fa748bf3
GET /wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 18992
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-4a30"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0
63.250.43.138 200 OK 77 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 77160
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-12d68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2
63.250.43.138 200 OK 29 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 28592, version 1.0\012- data
Hash a72bbb5a10e8ff13010604a1bb4a4037
4accf5cfaa94279c6cfdf8cda1c75270e8278761
c07bdac3cac751c087419fb7be13f75451845e648c0c67376ce388216693265c
GET /wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 28592
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-6fb0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/themes/hitmag/fonts/lato-bold-latin.woff2
63.250.43.138 200 OK 23 kB URL HTTP/2 cnews6.com/wp-content/themes/hitmag/fonts/lato-bold-latin.woff2
IP 63.250.43.138:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /wp-content/themes/hitmag/fonts/lato-bold-latin.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 23040
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-5a00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg
63.250.43.138 200 OK 12 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Hash 63728b8a78fb36cf52186b1bccda9ae3
e877fb0546bd028c0679e09b50e350567b850841
032cf8dfce1256da866345b071ee5c03af1d1b2ba43bc0448633a6adee650850
GET /wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:02:46 GMT
content-type: image/jpeg
content-length: 11969
last-modified: Mon, 05 Dec 2022 03:53:48 GMT
etag: "638d6b4c-2ec1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 22
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/uploads/2022/12/1-356-5-348x215.jpg
63.250.43.138 200 OK 18 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/1-356-5-348x215.jpg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Hash 5e77c62299db264d144448dddcb6970e
63687c671c560fc0d5c6fde113a3d098cebea369
01648fd4936ee30abcdf5bec02b4f49930c2253d751020bc2c1673e1858a62f3
GET /wp-content/uploads/2022/12/1-356-5-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: image/jpeg
content-length: 17696
last-modified: Mon, 05 Dec 2022 04:00:09 GMT
etag: "638d6cc9-4520"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg
63.250.43.138 200 OK 14 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Hash b58c512ebedfa99ae7c66746bb77c54a
692c172672b7129f45b1e6ac8a35500e72aa12d2
73fe18e62a1860cee944618ab68022740ba620f33f3fa2076605d260366841cb
GET /wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:40 GMT
content-type: image/jpeg
content-length: 14122
last-modified: Mon, 05 Dec 2022 03:52:01 GMT
etag: "638d6ae1-372a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 88
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js
192.243.59.20 200 OK 9.3 kB URL HTTP/1.1 pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (25061), with no line terminators
Hash 04669ac8cf274bcc7269c1e414b9983b
ff4fbc46598774b05f710cdab448dc49992fb1c1
f11d8b8f18d1d9e72b6bfb437d3c068d846b283a2a770dbc4decaac20ad3f67f
Analyzer: quad9 — Verdict/Alert: Sinkholed (i.e. Quad9's filtering DNS resolver blocks this hostname)
GET /30dc7bb2294acae8ca6474105cb0544f/invoke.js HTTP/1.1
Host: pl17952787.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 04:03:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42508c9f8b649bf91c9f09c8bfeea01c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg
63.250.43.138 200 OK 53 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:05:01 09:03:29], baseline, precision 8, 348x215, components 3\012- data
Hash 4deaeec3b24772616a8291c902015eb5
e62b4efacb0cea76cc232bbebb5e1ef6fa821841
6dd3fe0f60d397489cbd77c045bb5eea06ee41b74ecdd8e18fa7bd77539a8bac
GET /wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:35 GMT
content-type: image/jpeg
content-length: 53060
last-modified: Mon, 05 Dec 2022 03:53:05 GMT
etag: "638d6b21-cf44"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 93
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cnews6.com/wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg
63.250.43.138 200 OK 19 kB URL HTTP/2 cnews6.com/wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg
IP 63.250.43.138:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Hash 4741816fcf163b18f32c15d0f8f34b2e
395d301ab4ec08c103b68cd4544f02d317be8d9c
e573710504a001d91082cc927a343e08cee369da475f14f1712d231b0df1a5c1
GET /wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:35 GMT
content-type: image/jpeg
content-length: 19011
last-modified: Mon, 05 Dec 2022 03:50:34 GMT
etag: "638d6a8a-4a43"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 93
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js
192.243.59.20 200 OK 13 kB URL HTTP/1.1 pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37111), with no line terminators
Hash 99abada948eb4c8d61bab522b4fa35d5
5e71d0f6a85f13d627a2cbabf9107666d1310192
94abb15a7c7bfc4fb73a9d021a13b815076fb0f9dca3b3d8248a7d20184478c4
Analyzer: quad9 — Verdict/Alert: Sinkholed (i.e. Quad9's filtering DNS resolver blocks this hostname)
GET /b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js HTTP/1.1
Host: pl17957461.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 04:03:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 252c4a39cb8b333046039ae0ace35f8e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4190c26f01184c51aed2d771ad1429ec
35e2db991eaca4dbe44e4158feb9eddbccba0a4c
4dfbbd61f47a45a39622f70938f29114fe41648e5f74c0aad269d4a0252de5e6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4DFBBD61F47A45A39622F70938F29114FE41648E5F74C0AAD269D4A0252DE5E6"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13242
Expires: Mon, 05 Dec 2022 07:43:51 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f71032604eecccf0a81f323a5f96a400
f8866d4f3185bcf7871581d75339998b34d6cf6d
d053eedc717d7fd86e621ba948680be16538396d1ba9854b6816626d149b1c57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6886
x-amzn-requestid: d721caf6-2252-4ede-9533-3d3fcd6cce0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpsw-FfRoAMFtOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5b39-7644a195142f6c420ec7eac6;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 02:45:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RwhNdxS-EBTraqzS_TnCNXj3JXgz5NkO8oLyQaHOhHdtnvBbg4vsRQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 02:45:13 GMT
etag: "f8866d4f3185bcf7871581d75339998b34d6cf6d"
content-type: image/jpeg
age: 4676
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6079166a1ed5bac7373183f03f33b84e
b0c9391b87a4560598e43d5084dda41e267974a9
3e2faccbc3e14a10da4a433d789068cdc3fb2d3e2a04a7e2b7ea5f6f6313dcd4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13647
x-amzn-requestid: 36276b12-9e02-4d00-a100-9aa5c794fc79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ueEWUoAMFj7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1329-7abb45a85c6bc2235c25d61e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oXeR8DTpEoK8E-BiI7gT4JEIdVBfiimfydNYIC62_rNLlTdem9Buig==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 22643
etag: "b0c9391b87a4560598e43d5084dda41e267974a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 21608
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8e6f84dff61fedd8ff9baa9bb648883
f8d5cc7b315879b66a11b403463da1330617d2fa
025c66a4a0e7927353e1733d7f8cfb6ec3c9c0228d34267cbff11f09cf112127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12348
x-amzn-requestid: 72f681ef-9ae7-4fc5-8539-230e1d4277a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKa_HpTIAMFrcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abddf-43ef45165fd982997e5018c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:09:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ee7Rihwq-F-zcJWcnxZtfzfmhrn0w3mub_5F4j8u0r2Uc91oXrKPzA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:17:01 GMT
age: 85568
etag: "f8d5cc7b315879b66a11b403463da1330617d2fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 04:03:09 GMT
Last-Modified: Mon, 05 Dec 2022 03:42:40 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jWKctYd0rwQzsUyu25KyIjq5Y8lj_9xM7SbwbHAxuqMSxo9gUGZz9Q==
Age: 1229
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47f316c5-1381-4b6e-9e8d-f1956258ef3e.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47f316c5-1381-4b6e-9e8d-f1956258ef3e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a349d02cce160f72cc93f6fb6e45fa46
a6f82481ea0a820da0f199e8f9051a4aa4013c82
ab320118577a2dcb6ab7ad904d6350e187501a94b39b71fdd70b31cbc8853b24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47f316c5-1381-4b6e-9e8d-f1956258ef3e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6826
x-amzn-requestid: f0abdba6-14c8-4aae-ba3b-37ba0af2ff08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_t2FsLIAMFekA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1325-3452be066acddb554f528cc3;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GS4yLzXiIZt-eL9T7gjbf2-vMu8i30WKPDmc2EQDxv0CELjdW1gMVA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:46:51 GMT
age: 22578
etag: "a6f82481ea0a820da0f199e8f9051a4aa4013c82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8d76ec668361348eb17d54001fd2e6c6
534299a20a76ea6e3250f0fb35fe772cac04ef51
22676fae3909acf18e6cd4f505ec718fdac156990edb20926afdae2a359a2859
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5209
x-amzn-requestid: 682056d5-7815-4fd1-b05b-723619128d8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUXF5eoAMFRvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-6df5d866267739212832ee66;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TUn27-HAzSq5FHhr2K7W377QRIQqOh9owE1xVL6BQetiK9U-jtwbsg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:45:47 GMT
age: 1042
etag: "534299a20a76ea6e3250f0fb35fe772cac04ef51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=121579
Date: Mon, 05 Dec 2022 04:03:09 GMT
Etag: "638ca11c-1d7"
Expires: Tue, 06 Dec 2022 13:49:28 GMT
Last-Modified: Sun, 04 Dec 2022 13:31:08 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o57GhJIOjMaKboB2mewbUOKZYrTT1hFWiAWH4ZBBDy5lUZdUC-RdlA==
Age: 1100
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 557ecc6ce424234f6d1b4f29173a15a0
0beab81c024e0751612d9b7ddfa810cd79c825d3
7376a295c56ef7a52473deb8dfa21fd7af564f2262eccbd167c9f7cadb9304ce
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cnews6.com
access-control-allow-credentials: true
set-cookie: uid_id2=e0456fb7-646c-41e9-8513-14a258c1b8b6:2:1; expires=Thu, 02 Dec 2032 04:03:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.211.11 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 10107fccde381f9f7b689b03393b384b
07b4d1abb63f43eff64462bc0c55a214318a7946
707c7bfa890dd62db1cca2580f6c80b92ffc8fb6aa47ed64ccf7837c490fe3ad
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cnews6.com
access-control-allow-credentials: true
set-cookie: uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; expires=Thu, 02 Dec 2032 04:03:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4190c26f01184c51aed2d771ad1429ec
35e2db991eaca4dbe44e4158feb9eddbccba0a4c
4dfbbd61f47a45a39622f70938f29114fe41648e5f74c0aad269d4a0252de5e6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4DFBBD61F47A45A39622F70938F29114FE41648E5F74C0AAD269D4A0252DE5E6"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13242
Expires: Mon, 05 Dec 2022 07:43:51 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive
cnews6.com/favicon.ico
63.250.43.138 204 No Content 0 B IP 63.250.43.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 05 Dec 2022 04:01:37 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-type: image/png
age: 92
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 825a300d1eb0cc3ad3b7ac0c0499b946
5798cd7466b04d4ca41a415b31ea566fb5cd910d
94205b8ddbdc5fcbd36d52ebc36a56e14b7c0a207bb3db2ca1ea1a3bd25cebc1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 05:29:15 GMT
Expires: Sat, 10 Dec 2022 05:29:14 GMT
Etag: "5798cd7466b04d4ca41a415b31ea566fb5cd910d"
Cache-Control: max-age=436564,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3f279c0b524-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 096b5ad9a784e95445c60c6de61b849b
6b46e6c4c6322fb605aa670a7c94ac0f8e43de3e
d24724c785448125dfcc57405f3e43fd4739cacfb33465de727540ecfa80d971
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D24724C785448125DFCC57405F3E43FD4739CACFB33465DE727540ECFA80D971"
Last-Modified: Fri, 02 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2520
Expires: Mon, 05 Dec 2022 04:45:10 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3aac4ea74b09f67f69a42aab55a610aa
60ba8c23151a5fc6e82f1254e68c5f695a0bd383
cb8d6383ebceedaf6c40d38ca57dde30df5c0881f79ce9efc625d07f33ec0854
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB8D6383EBCEEDAF6C40D38CA57DDE30DF5C0881F79CE9EFC625D07F33EC0854"
Last-Modified: Sun, 04 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11329
Expires: Mon, 05 Dec 2022 07:11:59 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
errresound.com/ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4
192.243.59.13 200 OK 17 kB URL HTTP/1.1 errresound.com/ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (17216), with no line terminators
Hash 5780b3f9c41273207c7deb8b98abf164
550c89b3a39e0e5618f17d79a065547f48986e4f
356f9b1ab954db92a059bb7499545f0ae229296ed2880f2daa059f86edab13e1
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4 HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/json
Content-Length: 17218
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cnews6.com
Access-Control-Allow-Origin: https://cnews6.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17852288; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv49=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs49=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]; expires=Mon, 05 Dec 2022 04:03:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e8991c2c443269049b74b793da70ce7
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash a4b2661f9faaf638f68d08191f11b9eb
93a120c099c114d90fd533168343641c6768e3fa
65fd78249b3277256ee56b23d213f0816412daa4c2028d2447a90bbc861af5ba
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 11:33:42 GMT
Expires: Sun, 11 Dec 2022 11:33:41 GMT
Etag: "93a120c099c114d90fd533168343641c6768e3fa"
Cache-Control: max-age=544830,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3f5eba1b524-OSL
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 40749dda141250963a62ab35f3f21253
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
cdn.tynt.com/tc.js
104.18.36.173 200 OK 7.2 kB IP 104.18.36.173:0
Hash 8fcc1d09d632061c71caa05da144eb83
f0f7904d495c5237d426f55863609a4c9d20c034
599436c25fd2ca5b89783baed39f6f36e63d190149fbfbdc927a8fcb89ea89dd
GET /tc.js HTTP/1.1
Host: cdn.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: application/javascript
last-modified: Thu, 21 Jul 2022 14:57:10 GMT
vary: Accept-Encoding
etag: W/"62d96946-4599"
content-encoding: gzip
cf-cache-status: HIT
age: 131827
expires: Thu, 08 Dec 2022 04:03:10 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 7749e3f7388a1c02-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
45.133.44.9 200 OK 19 kB URL HTTP/2 cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash e3f84420ce3bd43532e3ddb8b22a465e
3d7ad384f893e1dbcd8d3bfb260bfc8c4848138a
428d48c9b4e20910da3a15d23ca23eee970be4c013a4cbf5f66355537a8ddd10
GET /si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 18886
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:36 GMT
etag: "621ba3a8-49c6"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.141.24 200 OK 49 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.141.24:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash ceb859e7e7e591d502dbc4c08290a279
5da5cc81d55a52ec0e693bf65bb4b87748fe17f9
990efe99a614f993844acfa77cbe810d4ea240ad22d2f12f2beafd84b7059658
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 79ad5aa58d6526937e2986213f255bc0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 05 Dec 2022 04:03:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBBQ7s9fZnfq%2BQvD%2BJ7TUTBgMMEoBzhw9zjZVAGYEQiOSTeRs05fvCwxyTk0J8tS%2Bl8U9V%2FS02zv%2BKpmd7odCiAm5j9VNQ6KJlTb9M9IpGRb6fhWHofqECn9RU4Egn%2FHOXYbhi8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f0eaff71b6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habithate.com/sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1
192.243.59.12 200 OK 4.0 kB URL HTTP/1.1 habithate.com/sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5796), with no line terminators
Hash 398ded78efe0f1687d5727b36d3eafaa
a2aab0d10af5d40a5ba5546342113bb6de589e86
16e831eb5208192b995033c152f854f9706ffef638a5431322f43db38041b5cb
GET /sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cnews6.com
Access-Control-Allow-Origin: https://cnews6.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17856962; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; expires=Mon, 12 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
Set-Cookie: slecb6f348d0b4462aa756806e72ed310dfc=[3760946]; expires=Mon, 05 Dec 2022 04:03:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ab5f635f18269b432a17d15c0b0b23c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
45.133.44.9 200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash f1a49a7d784361bbce9f7ed99c6fc6ec
bb1a5732dc954a89c85089d16d71a00ade1fe682
deb5daa6fcbf7a78b9361e5ac56f09b27986953f03977adbaf32d04a93996bdd
GET /si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 25012
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:05 GMT
etag: "621ba34d-61b4"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg
45.133.44.9 200 OK 22 kB URL HTTP/2 cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Hash 796d425c7dcd3be5c1cdc6cdd56c1dab
e8cc1589c53cccdd638d3a732fef9e97aa4a45bc
f73ea8486409b59615869827f5c1b1f322ee1374d506e7789019bb4967348437
GET /si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 22212
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:00 GMT
etag: "621ba348-56c4"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: affdc53714f0d4340a6b117c03c5706d
Strict-Transport-Security: max-age=0; includeSubdomains
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2523433907aaf0a65de4fd29682a3115
Strict-Transport-Security: max-age=0; includeSubdomains
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D
192.243.59.13200 OK 7 B URL HTTP/1.1 errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b93c9b2001704784154132aea34801d
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91cf1caf5d662df9de8d658cac5b6513
5fc2a66b8681bb1e2ae29aa106a4f101ad31d4ca
5f51b547c0c938514c9ff19953f33c5d88091906b603564f632431d375bfd20e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F51B547C0C938514C9FF19953F33C5D88091906B603564F632431D375BFD20E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8802
Expires: Mon, 05 Dec 2022 06:29:52 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive
habithate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 habithate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d625ec74989b5431f940764269b8c8d
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6200
Expires: Mon, 05 Dec 2022 05:46:31 GMT
Date: Mon, 05 Dec 2022 04:03:11 GMT
Connection: keep-alive
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110
192.243.59.12 200 OK 0 B URL HTTP/1.1 habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
172.64.109.13 200 OK 9.4 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
IP 172.64.109.13:0
File type PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Hash 910542c04f8bf2f90ee33d17d538a006
18d5943e5d51539038f7988c34bccef2937c5545
5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: image/png
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692515
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OCn7lJueeBpYaDXg4jvUt%2BhCC0STBYlBVSpCcnKQbF7PPdzihq2t0CLcuzdycEUeJu3DrG%2Fkt2HyzgVxUd4hbEnBStt6fwcK72Lg9fykDS6Qv5BJAMrvvdaiYn7zjdb3VzkoDNr31COv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa596071c8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:0
Hash 0e8337e0b856b0d1a929b06e9f22f1b4
2515ca3c7f80267c02ae1e9d81503f4173e520b6
af0aeffac32f16897d9eb90740ab735e4517fc38be87362abd939f1b9dec1724
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 04:03:11 GMT
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6200
Expires: Mon, 05 Dec 2022 05:46:31 GMT
Date: Mon, 05 Dec 2022 04:03:11 GMT
Connection: keep-alive
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352
192.243.59.12 200 OK 0 B URL HTTP/1.1 habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
172.64.109.13 200 OK 1.3 kB URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
IP 172.64.109.13:0
Hash b0b362d133eb4904706bb0622229b74f
22d89f78efb4c1cf967ac7e28821f4f39df8baf7
79b0f34463059aaa97b3b2f0f3319f64e893a595ce9e300d86fb031cc7fa28c0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZK8yimm69hCu9GIev790QFI4%2B6q7k3OYF%2BDeHzsMCWABMSpmrjIIFaTblaDRslxQmZzS2o1tgirlThIVEGKjhzRz01DXiI4vrYWXEydSELHxnVVdPBWWNBlCgtzI%2Fxqek9zZSrK8W8o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f9fcb97521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375
192.243.59.12 200 OK 0 B URL HTTP/1.1 habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r=
67.202.105.32 200 OK 4 B URL HTTP/2 de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r=
IP 67.202.105.32:0
File type ASCII text, with no line terminators
Hash 350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
GET /deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r= HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
expires: Tue, 06 Dec 2022 04:03:11 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Mon, 05 Dec 2022 04:03:11 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
habithate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D
192.243.59.12200 OK 7 B URL HTTP/1.1 habithate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c72708abeddcdd9372aa206dfa539d8e
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
172.64.109.13 200 OK 576 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
IP 172.64.109.13:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 18f3547b5335a975f204deab07ab753a
5cf6d0d1749a2a97986c71071e87303b16267b2b
837d0d7cee53ef4b76f755260e9ac1b5d798ecc4671c82b57a40514590170791
GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692415
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62KROxK%2BUpnu3yS%2BzsIroybkMuIpRzr22KfdYzp%2F8FprIZWLWQ5PC%2FlVEX9Q9vp5R%2B4Mlwgu99yUVd4rfNf%2Fnhi4kQoOmO3YgyPZVCBsqdTfuy0K%2F7zL2wh6D4AYLHAj1zo23sYG37Jb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa596271c8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
67.202.105.32 204 No Content 0 B URL HTTP/2 ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP 67.202.105.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2
t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c
141.101.120.10 200 OK 557 B URL HTTP/2 t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c
IP 141.101.120.10:0
File type ASCII text, with no line terminators
Hash 42f5bdac72b55a1468d9292f8c7fc626
a22050665ee14b8b66a496ca2fbfbc2544cd34cc
1620d38ac314a5c0321ac46125e295793185b37c6ed3d2a1c096ad8bbda58b73
GET /pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: m=1; oa=1; df=1670212989
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript
x-t: 0.162
x-c: 0
expires: Mon, 05 Dec 2022 04:03:08 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sNDOlH3c8VDbsJ9ChOAaZ3jg6DNqva1XsvjMfk73I9UM6tZCivN7Z2XabfL%2BBOpcCCb1TtIFRVHhFDPOrALzhaCJ1cdMg3RB9CF7%2BM3cJ4ew6ojNmsfZEQhlpUgUe8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7749e3ef8812990f-ARN
content-encoding: br
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 05 Dec 2022 04:03:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2e73ade907b222b5e65f478fc079d43
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
IP 172.64.109.13:0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692515
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6trYmz0omKS%2BJVUuAv4RcOanf5YgJ17L6HzNLA0pWVVx0mxoOE9o%2FPnJcCvUNl1K0R8CpmDdT%2BT84RHTYWhqm7Wi8G67QCFRx9hn%2FZt0sZORWoMHBMqKi0d%2BSgg4HwJ6yaFkAwLTMyv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa595d71c8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
IP 172.64.109.13:0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEw0BiV4BcGktSKzS2Rha6G%2BIVWdTbCMCLFsKNxqhn%2BQMeNKFS9t8B0tIKHPm9B8IIswdZjyBUzRa3kqpp30rkbMP45MX2VTMTryJgmqUz%2FImn3GcTuq1Ntpyu3yWiuWogsQotG2dXnX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f9ecb57521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
IP 172.64.109.13:0
GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:36 GMT
etag: W/"612f708c-7082"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNVeDL%2FijhHHl%2BS58UkTma9iVOhx9%2Fm%2Fsfu0hvjCV3TYO%2BaZDm1thrlzxQQH7PDnjNVJQliyCfc6FMxVVJm5QmecBw%2FUVGN6poJncbzUyas%2BJfJZ%2BVIPI5PZO0jpOgEaGqIhmK1ycFqu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fabd237521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
waust.at/d.js
104.26.4.7 200 OK 0 B IP 104.26.4.7:0
GET /d.js HTTP/1.1
Host: waust.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:08 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Dec 2022 21:21:19 GMT
etag: W/"63891acf-3972"
expires: Tue, 06 Dec 2022 03:13:56 GMT
cache-control: max-age=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2952
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pb5RvqHUL6H%2BOjQxwDWSqXK62CNZ2fuB8xDXOsnpcE6Cai%2BGvvMB0WaEOVnwBHWVa9M1OzWVEqsO5UTaWDqaItH%2BhwO5Q%2BxwmzOi3uT5aeGHy9XHZUiGUh9v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3ea8fcf0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
45.133.44.3 200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 05 Dec 2022 05:03:10 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j=
141.101.120.10 200 OK 0 B URL HTTP/2 t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j=
IP 141.101.120.10:0
GET /i/?l=https%3A%2F%2Fcnews6.com%2F&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Mon, 05-Dec-2022 05:26:29 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
set-cookie: oa=1; Domain=dtscout.com; Expires=Mon, 05-Dec-2022 08:03:09 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
set-cookie: df=1670212989; Domain=dtscout.com; Expires=Wed, 15-Mar-2023 04:03:09 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.781
expires: Mon, 05 Dec 2022 04:03:08 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r93fQ%2BBivJRojnJwbGT2foY%2BR4x7xhdudwasPPC63giesCoJ89Binsjnf%2BqcTthh4O1Uh07EMyGrcwXB80qTgehKFWkyjv%2BTWhE2Kmiv0n6P6vWx6Q2nEqPuLnaZ040%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7749e3edff6b990f-ARN
content-encoding: br
X-Firefox-Spdy: h2
whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759
104.22.74.171 200 OK 0 B URL HTTP/2 whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759
IP 104.22.74.171:0
GET /pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7749e3f3c9100a2d-ARN
X-Firefox-Spdy: h2