Report - cnews6.com/

Report Overview

Submitted URL
cnews6.com/
IP
63.250.43.139
ASN
#22612 NAMECHEAP-NET
Submitted
2022-12-05 04:03:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
errresound.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.7 kB	21 kB	192.243.59.13
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	67 kB	45.133.44.9
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	386 B	45.133.44.3
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.9 kB	104.18.32.68
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	54.230.245.118
cdn.tynt.com	7260	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	7.6 kB	104.18.36.173
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
pl17957461.highperformancecpmgate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	412 B	14 kB	192.243.59.20
cdn.creative-bars1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	16 kB	172.64.109.13
de.tynt.com	1252	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	329 B	67.202.105.32
t.dtscout.com	11951	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	869 B	2.1 kB	141.101.120.10
pl17952787.highperformancecpmgate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410 B	10 kB	192.243.59.20
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	62 kB	34.120.237.76
habithate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.3 kB	8.1 kB	192.243.59.12
whos.amung.us	12687	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	474 B	217 B	104.22.74.171
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	708 B	423 B	192.243.61.227
cnews6.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	472 kB	63.250.43.138
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.9 kB	23.36.77.32
ic.tynt.com	4300	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	2.1 kB	67.202.105.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.53.106
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.4 kB	142.250.74.131
friendshipmale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	50 kB	172.64.141.24
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	1.9 kB	142.250.74.106
waust.at	38137	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	726 B	104.26.4.7
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	11 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.2 kB	93.184.220.29
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	762 B	806 B	52.28.211.11

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	highperformancecpmgate.com	Sinkholed
2022-12-04	medium	highperformancecpmgate.com	Sinkholed
2022-12-05	medium	errresound.com	Sinkholed
2022-12-05	medium	errresound.com	Sinkholed
2022-12-05	medium	errresound.com	Sinkholed
2022-12-05	medium	errresound.com	Sinkholed
2022-12-05	medium	errresound.com	Sinkholed
2022-12-04	medium	unseenreport.com	Sinkholed

JavaScript (19)

	URL	Size	First Seen	Last Seen
	cnews6.com/	2.1 kB	2023-03-08	2023-03-11
Pretty URL cnews6.com/ IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-11 23:33:27 Times Seen1 Hash 5c167fad7f5ee4fcc682fdff30e5b393 0bf51c12d18d79d0e5fdd929e77e711cea6b150b 850cc8197372d382706363b0efe242f82762dfb53aeb373a8ac512abb0e90640 Loading...

	cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js	84 kB	2023-03-07	2024-03-31
Pretty URL cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js IP 172.64.109.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:11 Last Seen2024-03-31 06:06:50 Times Seen542 Hash 6326c600df01e3bfb9b40e1aa08176f8 6b4fb754d29b297b539bf62ba9b4eaf0f33f314a df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3 Loading...

	t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j=	2.1 kB	2023-03-07	2024-04-18
Pretty URL t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j= IP 141.101.120.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-18 07:35:28 Times Seen4392 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js	37 kB	2023-03-08	2023-03-08
Pretty URL pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-08 16:32:51 Times Seen1 Hash ac894e127d13d433a642e70abd057380 faa27511b5da4186bc1d7a3bb2af9b407540d38d c6aa2392a72273389fc3313846a5b612361032a82d8d3f2136c6a5a69607aea9 Loading...

	whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759	29 B	2023-03-08	2023-03-08
Pretty URL whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759 IP 104.22.74.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-08 16:32:51 Times Seen1 Hash 81377e95a01b65b684cca595829c79bb 6d0998b02602ae5efd626ce69df442413af7e924 3e02be6d0d6d3801652b171d6ad5714d3a24f845ab4aa48ee99ca1ef2bd63e67 Loading...

	cdn.tynt.com/tc.js	18 kB	2023-03-07	2023-03-17
Pretty URL cdn.tynt.com/tc.js IP 104.18.36.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2023-03-17 12:46:36 Times Seen1 Hash f9ab02a95c5035df7c44c8c046e95866 bafa1e72a0fa99774b56e31d04f5393bb1c04bbc 937458495c30f567aeafe715f0164bfe061ab17aee4a34aabbf191f69a6d32ae Loading...

	http:blank	10 kB	2023-03-08	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-11 23:33:27 Times Seen1 Hash d0de5be41e672ad97fb5ac87a43610e8 685fd030cae63cfe02eb83cd1734e75b68838f34 4ed8856975fd1ff30ca6eab0ada51f0d8ee6403f9323a3857d01823e3fd438aa Loading...

	cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-18
Pretty URL cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-18 09:47:22 Times Seen68471 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-17
Pretty URL cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-17 08:02:08 Times Seen37986 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215	683 B	2023-03-07	2024-04-18
Pretty URL cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-04-18 11:49:17 Times Seen3271 Hash 75abd4cd8807b312f9f7faeb77ee774b e7b7a7ed06d0123ab8667a1d1eeb23de9f2bece7 ca424c0181141900220a19f998ffa7660380bc99ab99557ad458a083251f7034 Loading...

	pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js	25 kB	2023-03-08	2023-03-08
Pretty URL pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-08 16:32:51 Times Seen1 Hash 86a227ae9c1a5d37344ece3715096945 75c533fc2d8d02a37273d7a3cf1310adb1f910c8 4a362041fa497c2fd4a6cca46c0d934c03b33af41bf06cdf1dcf01700d300863 Loading...

	cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-17
Pretty URL cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-17 19:29:15 Times Seen31774 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	cnews6.com/	92 B	2023-03-08	2023-03-08
Pretty URL cnews6.com/ IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-08 16:32:51 Times Seen1 Hash ef06d5f8c27da9c2153fe269cc5c7fd9 66b43384ff16e64c07e32ff7332ce8f018685732 cf5e14dd046c65e638e3abd7cc0667104e411c9b6521a1de0126b4676df37517 Loading...

	cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1	1.4 kB	2023-03-07	2024-03-18
Pretty URL cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:17 Last Seen2024-03-18 16:00:38 Times Seen79 Hash 62134462963c081fa1df60e6ef2561ab 53ad2fd1d64b58503c9bc54089ac3f88cee9cbba fbf04ca6523c345af62d1fd7554676762c9e8375c17f02d5d504c7d2802aebc9 Loading...

	t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c	52 B	2023-03-08	2023-03-08
Pretty URL t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c IP 141.101.120.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:32:51 Last Seen2023-03-08 16:32:51 Times Seen1 Hash d6e1adaae71d0ed7aff9cfd104209e81 c02efa300014e28b2aa86e669891a5a896ebe2ae c6c6107fd22ae5b8ae0bbaad2cbb70737cc7c06bc95be5ff9172e01536107dbc Loading...

	de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r=	4 B	2023-03-07	2024-04-10
Pretty URL de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r= IP 67.202.105.32 ASN #32748 STEADFAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-10 18:49:13 Times Seen3069 Hash 350fd6ef6446635f7a8f608434a405ec a4b6c275ac2c80ec925b5c0c5c6abb79ba897356 d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Loading...

	waust.at/d.js	15 kB	2023-03-08	2024-04-18
Pretty URL waust.at/d.js IP 104.26.4.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:06 Last Seen2024-04-18 11:38:44 Times Seen2173 Hash 38cdedd658fa41770f607c0b117c1f82 3f3c9c6c330ab649e27ec56a8d852e9d41b0edf4 951feaddb6ad45bcc58fee7033004366978150e8f2927692781c3e2755c7c15c Loading...

	cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215	3.8 kB	2023-03-07	2024-04-18
Pretty URL cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215 IP 63.250.43.138 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:48 Last Seen2024-04-18 11:49:17 Times Seen270 Hash f5d9d209852795da2a237895e87f2d72 521c90e7aa1c335bc5df2120a144ab800bac1644 ccabeb2cb5391e2956a1866ea45523a82f4117cbfc70e46b2aac5aaa6d3d359a Loading...

		Size	First Seen	Last Seen
	#1 Eval - b2c2041f8d99c45e0f21474fe4f8b7bc	17 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-18 09:23:47 Times Seen7384 Hash b2c2041f8d99c45e0f21474fe4f8b7bc 0b876666393469c726a2e3edbb29544c03a92154 17f5bfdbae6b35ae8bc3b27c069526d694021fe1e37a8027678e770fbb05e061 Loading...

HTTP Transactions (104)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3783
Expires: Mon, 05 Dec 2022 05:06:10 GMT
Date: Mon, 05 Dec 2022 04:03:07 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1867
Cache-Control: max-age=111557
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:07 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:02:24 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 03:20:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2575
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4881
Expires: Mon, 05 Dec 2022 05:24:28 GMT
Date: Mon, 05 Dec 2022 04:03:07 GMT
Connection: keep-alive

cnews6.com/

63.250.43.138

301 Moved Permanently

0 B

URL HTTP/1.1
cnews6.com/
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://cnews6.com/

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hyNp7UXbnxSqnvmZ7gdagg9ceRCfngbu6PWL/1hFrDdjbmagpH2/pPYljYU77x8vKU44+8aZCOA=
x-amz-request-id: ZT90G68CWMKNDH00
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 03:47:49 GMT
age: 918
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:03:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 03:08:58 GMT
cache-control: public,max-age=3600
age: 3250
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
c710d2c602649e35a7d048ceaced3401
7cefc4677aaf0127ad4afce9a6562a4f7a63fcd6
0846c5d9158af0e09919e066b68ac967ba889f789e463bde36659c695c07711c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 15:13:36 GMT
Expires: Sun, 11 Dec 2022 15:13:35 GMT
Etag: "7cefc4677aaf0127ad4afce9a6562a4f7a63fcd6"
Cache-Control: max-age=558026,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3e72d6fb524-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1868
Cache-Control: max-age=106491
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:08 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:37:59 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

cnews6.com/

63.250.43.138

200 OK

11 kB

URL HTTP/2
cnews6.com/
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Size
11 kB (10551 bytes)
Hash
5175c9532da9a3ebbe2c6c7d97d83d3d
a2784c2d82203b5a606f0ffe5047bc51de800ce0
474c1d5a16155bcbf0d82abace968bc8e1d368f63446b1bb9e9b46863e339d1c

HTTP Headers

GET / HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://cnews6.com/wp-json/>; rel="https://api.w.org/"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 10551
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
4b47c3ad65c6a8c349eaf6c53d406ab4
7fef8f970045fb03c262fad624ef7d6c2949c3f2
1725fbf6f969a67cf473cff43e589f8e63603a7297e1105b8cc32c321ae9699c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 831
Cache-Control: max-age=121673
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:08 GMT
Etag: "638ca286-116"
Expires: Tue, 06 Dec 2022 13:51:01 GMT
Last-Modified: Sun, 04 Dec 2022 13:37:10 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278

push.services.mozilla.com/

54.148.53.106

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.53.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: emoMKV1KodRJQI6fl8IWlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ffxPMWU2eaOUr1FycrPMK3XE0/o=

cnews6.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

63.250.43.138

200 OK

12 kB

URL HTTP/2
cnews6.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (47826)
Size
12 kB (12518 bytes)
Hash
981383d43a7adb38d6c2bf5286dcd065
e41871905868763178f7d8127e3dfb87909f108f
fceb208fc5a1581abc1926596d5f59fa41e7a7d72027b563303b445cdf7ed126

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
vary: Accept-Encoding
etag: W/"6385ea9b-172a9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 12518
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/css/fonts.css

63.250.43.138

200 OK

455 B

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/css/fonts.css
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
455 B (455 bytes)
Hash
5f2e85bcd731b259b4aa6a75bdc072d3
23a93594c7c70535cc6591da4ec4a330c4d01cab
f7620f9f7e578cda469a1abd75d6e164c069bcf4ab573de930355362cb45dd47

HTTP Headers

GET /wp-content/themes/hitmag/css/fonts.css HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-d5a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 455
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/style.css?ver=6.1.1

63.250.43.138

200 OK

13 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/style.css?ver=6.1.1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (659)
Size
13 kB (12812 bytes)
Hash
f7253a622df81af966d929e87add4cb1
380351d3173a93687da9ed668f00c47ee1ce5119
51412b380c732500e795e5aa36604f7b0e38ca22c31bbd3a2e15512d0007203d

HTTP Headers

GET /wp-content/themes/hitmag/style.css?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-11130"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 12812
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

63.250.43.138

200 OK

31 kB

URL HTTP/2
cnews6.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65447)
Size
31 kB (31038 bytes)
Hash
2eccf707201b564e5e0cc3637fe4fd79
13b3ab2c399a84808e8fd6a2c795a6a49f5090a4
fb2e62f5864ef969b2d586b0e589fc81d7689038cd54a90fbca4b463e0ca6261

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
vary: Accept-Encoding
etag: W/"6385ea9b-15e54"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 31038
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-includes/css/classic-themes.min.css?ver=1

63.250.43.138

200 OK

217 B

URL HTTP/2
cnews6.com/wp-includes/css/classic-themes.min.css?ver=1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
217 B (217 bytes)
Hash
95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
content-length: 217
last-modified: Tue, 29 Nov 2022 11:18:51 GMT
etag: "6385ea9b-d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0

63.250.43.138

200 OK

7.1 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (30837)
Size
7.1 kB (7050 bytes)
Hash
0ebb760c7d229fd1d2b3a63493306569
58961c039962ea4f5215caa2e0127a8658bcf847
18eecad8f04af6784d466cd2cad0337dea530bef457e6a7b3da473eea589b134

HTTP Headers

GET /wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: text/css
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-7918"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 7050
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

63.250.43.138

200 OK

4.2 kB

URL HTTP/2
cnews6.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (11126)
Size
4.2 kB (4169 bytes)
Hash
5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 13:01:54 GMT
vary: Accept-Encoding
etag: W/"62a9d842-2bd8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 4169
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215

63.250.43.138

200 OK

416 B

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
416 B (416 bytes)
Hash
e6f53264ebf762f651ef3c426aba7d7a
c94c31f4cdc7976febd8b722771d433fcd460d87
e5dab0bbdb24e72cded213dba7acb5e41a11e2a317279a046e402d1146512404

HTTP Headers

GET /wp-content/themes/hitmag/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-2ab"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 416
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg

63.250.43.138

200 OK

53 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:05:01 09:03:29], baseline, precision 8, 348x215, components 3\012- data
Size
53 kB (53060 bytes)
Hash
4deaeec3b24772616a8291c902015eb5
e62b4efacb0cea76cc232bbebb5e1ef6fa821841
6dd3fe0f60d397489cbd77c045bb5eea06ee41b74ecdd8e18fa7bd77539a8bac

HTTP Headers

GET /wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-1-348x215.jpeg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:52 GMT
content-type: image/jpeg
content-length: 53060
last-modified: Mon, 05 Dec 2022 04:01:24 GMT
etag: "638d6d14-cf44"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 76
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215

63.250.43.138

200 OK

1.4 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/js/navigation.js?ver=20151215
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
1.4 kB (1356 bytes)
Hash
35fdb76fc8e506633f47811c1b230c24
ece4f110b59319275e869345a122db43be784e51
5082959004f8a45ee0f6093b9d7f86e00e328f120342c0f1455fef3278be8672

HTTP Headers

GET /wp-content/themes/hitmag/js/navigation.js?ver=20151215 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-f05"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 1356
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

63.250.43.138

200 OK

5.0 kB

URL HTTP/2
cnews6.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (15660)
Size
5.0 kB (5004 bytes)
Hash
1b982d290af16dac5885f21a198aaa66
f847ca85d23c2f240938bbde0135f3de97925759
0b6e238cc0728a0bace390dfff472ff8bb5a5fd4714bcfcdac7c28621d67b8dc

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:33 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 13:01:54 GMT
vary: Accept-Encoding
etag: W/"62a9d842-48b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 95
x-cache: HIT
accept-ranges: bytes
content-length: 5004
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1

63.250.43.138

200 OK

579 B

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/js/scripts.js?ver=6.1.1
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
579 B (579 bytes)
Hash
a36d4322ed87b11cd05a5fbf9d3135bc
bd8cca6629629708ec5054bd6c25fc2a9d2bb036
bb9a754b70d6ba81817318910d9af6a4d9efeffcd026388f9eec5a6822fd9d5f

HTTP Headers

GET /wp-content/themes/hitmag/js/scripts.js?ver=6.1.1 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: application/javascript
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
vary: Accept-Encoding
etag: W/"638601f8-549"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
content-length: 579
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ea9b6b94ec4246f881cb1c742294c0f9
36cd3e7fd45c60d35a85371845f43913e677f2ec
0a77f69ec7f0062a734228f232388597b8a48a027c412280fa4e1a91bb2af5c7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A77F69EC7F0062A734228F232388597B8A48A027C412280FA4E1A91BB2AF5C7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1826
Expires: Mon, 05 Dec 2022 04:33:35 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2

63.250.43.138

200 OK

29 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 29320, version 1.0\012- data
Size
29 kB (29320 bytes)
Hash
523215f3b621ae9406e84e39e7976e67
3ff9b171c3ccbd71c73121b803da01b62c033ed9
78cfcd698660fe6904cdccf493e82f639a1a08707c35df07be4566e511bb04cc

HTTP Headers

GET /wp-content/themes/hitmag/fonts/ubuntu-bold-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 29320
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-7288"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/fonts/lato-regular-latin.woff2

63.250.43.138

200 OK

24 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/lato-regular-latin.woff2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /wp-content/themes/hitmag/fonts/lato-regular-latin.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 23580
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-5c1c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/JNJj-Xek6-M

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/JNJj-Xek6-M
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2c4b9a6ba0ca96d140a1c99eab66eae3
798c3e78e1289c4b7dc840b94675605b45abd0ba
93c046dff80a46cf3f82622a4206f902793589ac0865a0a0f72c59cc28e0d027

HTTP Headers

POST /s/gts1p5/JNJj-Xek6-M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cnews6.com/wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2

63.250.43.138

200 OK

19 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 18992, version 1.0\012- data
Size
19 kB (18992 bytes)
Hash
8b1081927e10196dfa2642487a7b2e8c
b9b32eabae814e96e10c20e43d87a5cafc4dc0d4
c3980ea8f019855a578aef98e57530e78df585bce65b79b9f86a3356fa748bf3

HTTP Headers

GET /wp-content/themes/hitmag/fonts/opensans-bold-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 18992
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-4a30"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0

63.250.43.138

200 OK

77 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/hitmag/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 77160
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-12d68"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2

63.250.43.138

200 OK

29 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 28592, version 1.0\012- data
Size
29 kB (28592 bytes)
Hash
a72bbb5a10e8ff13010604a1bb4a4037
4accf5cfaa94279c6cfdf8cda1c75270e8278761
c07bdac3cac751c087419fb7be13f75451845e648c0c67376ce388216693265c

HTTP Headers

GET /wp-content/themes/hitmag/fonts/ubuntu-regular-webfont.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 28592
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-6fb0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/themes/hitmag/fonts/lato-bold-latin.woff2

63.250.43.138

200 OK

23 kB

URL HTTP/2
cnews6.com/wp-content/themes/hitmag/fonts/lato-bold-latin.woff2
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /wp-content/themes/hitmag/fonts/lato-bold-latin.woff2 HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://cnews6.com/wp-content/themes/hitmag/css/fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:39 GMT
content-type: font/woff2
content-length: 23040
last-modified: Tue, 29 Nov 2022 12:58:32 GMT
etag: "638601f8-5a00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://cnews6.com
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 89
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg

63.250.43.138

200 OK

12 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Size
12 kB (11969 bytes)
Hash
63728b8a78fb36cf52186b1bccda9ae3
e877fb0546bd028c0679e09b50e350567b850841
032cf8dfce1256da866345b071ee5c03af1d1b2ba43bc0448633a6adee650850

HTTP Headers

GET /wp-content/uploads/2022/12/Screenshot_20220919_205005-1-1-3-1-2-1-2-1-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:02:46 GMT
content-type: image/jpeg
content-length: 11969
last-modified: Mon, 05 Dec 2022 03:53:48 GMT
etag: "638d6b4c-2ec1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 22
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/uploads/2022/12/1-356-5-348x215.jpg

63.250.43.138

200 OK

18 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/1-356-5-348x215.jpg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Size
18 kB (17696 bytes)
Hash
5e77c62299db264d144448dddcb6970e
63687c671c560fc0d5c6fde113a3d098cebea369
01648fd4936ee30abcdf5bec02b4f49930c2253d751020bc2c1673e1858a62f3

HTTP Headers

GET /wp-content/uploads/2022/12/1-356-5-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:34 GMT
content-type: image/jpeg
content-length: 17696
last-modified: Mon, 05 Dec 2022 04:00:09 GMT
etag: "638d6cc9-4520"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 94
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg

63.250.43.138

200 OK

14 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Size
14 kB (14122 bytes)
Hash
b58c512ebedfa99ae7c66746bb77c54a
692c172672b7129f45b1e6ac8a35500e72aa12d2
73fe18e62a1860cee944618ab68022740ba620f33f3fa2076605d260366841cb

HTTP Headers

GET /wp-content/uploads/2022/12/24244_65417_5649-735x400-1-735x400-1-2-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:40 GMT
content-type: image/jpeg
content-length: 14122
last-modified: Mon, 05 Dec 2022 03:52:01 GMT
etag: "638d6ae1-372a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 88
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js

192.243.59.20

200 OK

9.3 kB

URL HTTP/1.1
pl17952787.highperformancecpmgate.com/30dc7bb2294acae8ca6474105cb0544f/invoke.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (25061), with no line terminators
Size
9.3 kB (9274 bytes)
Hash
04669ac8cf274bcc7269c1e414b9983b
ff4fbc46598774b05f710cdab448dc49992fb1c1
f11d8b8f18d1d9e72b6bfb437d3c068d846b283a2a770dbc4decaac20ad3f67f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /30dc7bb2294acae8ca6474105cb0544f/invoke.js HTTP/1.1
Host: pl17952787.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 04:03:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 42508c9f8b649bf91c9f09c8bfeea01c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg

63.250.43.138

200 OK

53 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:05:01 09:03:29], baseline, precision 8, 348x215, components 3\012- data
Size
53 kB (53060 bytes)
Hash
4deaeec3b24772616a8291c902015eb5
e62b4efacb0cea76cc232bbebb5e1ef6fa821841
6dd3fe0f60d397489cbd77c045bb5eea06ee41b74ecdd8e18fa7bd77539a8bac

HTTP Headers

GET /wp-content/uploads/2022/12/King-Cobra-Snake-Blocked-Road-2-1-348x215.jpeg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:35 GMT
content-type: image/jpeg
content-length: 53060
last-modified: Mon, 05 Dec 2022 03:53:05 GMT
etag: "638d6b21-cf44"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 93
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

cnews6.com/wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg

63.250.43.138

200 OK

19 kB

URL HTTP/2
cnews6.com/wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 348x215, components 3\012- data
Size
19 kB (19011 bytes)
Hash
4741816fcf163b18f32c15d0f8f34b2e
395d301ab4ec08c103b68cd4544f02d317be8d9c
e573710504a001d91082cc927a343e08cee369da475f14f1712d231b0df1a5c1

HTTP Headers

GET /wp-content/uploads/2022/12/13-47-20-Screenshot_20221128_055325-720x400-1-1-1-1-348x215.jpg HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 04:01:35 GMT
content-type: image/jpeg
content-length: 19011
last-modified: Mon, 05 Dec 2022 03:50:34 GMT
etag: "638d6a8a-4a43"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 93
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js

192.243.59.20

200 OK

13 kB

URL HTTP/1.1
pl17957461.highperformancecpmgate.com/b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37111), with no line terminators
Size
13 kB (13397 bytes)
Hash
99abada948eb4c8d61bab522b4fa35d5
5e71d0f6a85f13d627a2cbabf9107666d1310192
94abb15a7c7bfc4fb73a9d021a13b815076fb0f9dca3b3d8248a7d20184478c4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /b6/f3/48/b6f348d0b4462aa756806e72ed310dfc.js HTTP/1.1
Host: pl17957461.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Mon, 05 Dec 2022 04:03:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 252c4a39cb8b333046039ae0ace35f8e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
4190c26f01184c51aed2d771ad1429ec
35e2db991eaca4dbe44e4158feb9eddbccba0a4c
4dfbbd61f47a45a39622f70938f29114fe41648e5f74c0aad269d4a0252de5e6

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4DFBBD61F47A45A39622F70938F29114FE41648E5F74C0AAD269D4A0252DE5E6"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13242
Expires: Mon, 05 Dec 2022 07:43:51 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9057
Expires: Mon, 05 Dec 2022 06:34:06 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6886 bytes)
Hash
f71032604eecccf0a81f323a5f96a400
f8866d4f3185bcf7871581d75339998b34d6cf6d
d053eedc717d7fd86e621ba948680be16538396d1ba9854b6816626d149b1c57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e81e29f-79a8-4af6-b0c7-7f49bfafb17e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6886
x-amzn-requestid: d721caf6-2252-4ede-9533-3d3fcd6cce0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpsw-FfRoAMFtOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d5b39-7644a195142f6c420ec7eac6;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 02:45:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RwhNdxS-EBTraqzS_TnCNXj3JXgz5NkO8oLyQaHOhHdtnvBbg4vsRQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 02:45:13 GMT
etag: "f8866d4f3185bcf7871581d75339998b34d6cf6d"
content-type: image/jpeg
age: 4676
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13647 bytes)
Hash
6079166a1ed5bac7373183f03f33b84e
b0c9391b87a4560598e43d5084dda41e267974a9
3e2faccbc3e14a10da4a433d789068cdc3fb2d3e2a04a7e2b7ea5f6f6313dcd4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13647
x-amzn-requestid: 36276b12-9e02-4d00-a100-9aa5c794fc79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ueEWUoAMFj7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1329-7abb45a85c6bc2235c25d61e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oXeR8DTpEoK8E-BiI7gT4JEIdVBfiimfydNYIC62_rNLlTdem9Buig==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:45:46 GMT
age: 22643
etag: "b0c9391b87a4560598e43d5084dda41e267974a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10396 bytes)
Hash
24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 21608
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12348 bytes)
Hash
b8e6f84dff61fedd8ff9baa9bb648883
f8d5cc7b315879b66a11b403463da1330617d2fa
025c66a4a0e7927353e1733d7f8cfb6ec3c9c0228d34267cbff11f09cf112127

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9e8d044-2cda-4dba-9da8-c0a296845bca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12348
x-amzn-requestid: 72f681ef-9ae7-4fc5-8539-230e1d4277a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKa_HpTIAMFrcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abddf-43ef45165fd982997e5018c8;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:09:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ee7Rihwq-F-zcJWcnxZtfzfmhrn0w3mub_5F4j8u0r2Uc91oXrKPzA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 04:17:01 GMT
age: 85568
etag: "f8d5cc7b315879b66a11b403463da1330617d2fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 05 Dec 2022 04:03:09 GMT
Last-Modified: Mon, 05 Dec 2022 03:42:40 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jWKctYd0rwQzsUyu25KyIjq5Y8lj_9xM7SbwbHAxuqMSxo9gUGZz9Q==
Age: 1229

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47f316c5-1381-4b6e-9e8d-f1956258ef3e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6826 bytes)
Hash
a349d02cce160f72cc93f6fb6e45fa46
a6f82481ea0a820da0f199e8f9051a4aa4013c82
ab320118577a2dcb6ab7ad904d6350e187501a94b39b71fdd70b31cbc8853b24

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47f316c5-1381-4b6e-9e8d-f1956258ef3e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6826
x-amzn-requestid: f0abdba6-14c8-4aae-ba3b-37ba0af2ff08
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_t2FsLIAMFekA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1325-3452be066acddb554f528cc3;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GS4yLzXiIZt-eL9T7gjbf2-vMu8i30WKPDmc2EQDxv0CELjdW1gMVA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:46:51 GMT
age: 22578
etag: "a6f82481ea0a820da0f199e8f9051a4aa4013c82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5209 bytes)
Hash
8d76ec668361348eb17d54001fd2e6c6
534299a20a76ea6e3250f0fb35fe772cac04ef51
22676fae3909acf18e6cd4f505ec718fdac156990edb20926afdae2a359a2859

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1caf4c1-b9c0-4db1-a780-00b9a6198731.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5209
x-amzn-requestid: 682056d5-7815-4fd1-b05b-723619128d8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjKUXF5eoAMFRvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638abdb5-6df5d866267739212832ee66;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 03:08:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TUn27-HAzSq5FHhr2K7W377QRIQqOh9owE1xVL6BQetiK9U-jtwbsg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 03:45:47 GMT
age: 1042
etag: "534299a20a76ea6e3250f0fb35fe772cac04ef51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=121579
Date: Mon, 05 Dec 2022 04:03:09 GMT
Etag: "638ca11c-1d7"
Expires: Tue, 06 Dec 2022 13:49:28 GMT
Last-Modified: Sun, 04 Dec 2022 13:31:08 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o57GhJIOjMaKboB2mewbUOKZYrTT1hFWiAWH4ZBBDy5lUZdUC-RdlA==
Age: 1100

simplewebanalysis.com/stats

52.28.211.11

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.211.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
557ecc6ce424234f6d1b4f29173a15a0
0beab81c024e0751612d9b7ddfa810cd79c825d3
7376a295c56ef7a52473deb8dfa21fd7af564f2262eccbd167c9f7cadb9304ce

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cnews6.com
access-control-allow-credentials: true
set-cookie: uid_id2=e0456fb7-646c-41e9-8513-14a258c1b8b6:2:1; expires=Thu, 02 Dec 2032 04:03:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

52.28.211.11

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.211.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
10107fccde381f9f7b689b03393b384b
07b4d1abb63f43eff64462bc0c55a214318a7946
707c7bfa890dd62db1cca2580f6c80b92ffc8fb6aa47ed64ccf7837c490fe3ad

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://cnews6.com
access-control-allow-credentials: true
set-cookie: uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; expires=Thu, 02 Dec 2032 04:03:09 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
4190c26f01184c51aed2d771ad1429ec
35e2db991eaca4dbe44e4158feb9eddbccba0a4c
4dfbbd61f47a45a39622f70938f29114fe41648e5f74c0aad269d4a0252de5e6

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "4DFBBD61F47A45A39622F70938F29114FE41648E5F74C0AAD269D4A0252DE5E6"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13242
Expires: Mon, 05 Dec 2022 07:43:51 GMT
Date: Mon, 05 Dec 2022 04:03:09 GMT
Connection: keep-alive

cnews6.com/favicon.ico

63.250.43.138

204 No Content

0 B

URL HTTP/2
cnews6.com/favicon.ico
IP
63.250.43.138:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cnews6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 05 Dec 2022 04:01:37 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-type: image/png
age: 92
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
825a300d1eb0cc3ad3b7ac0c0499b946
5798cd7466b04d4ca41a415b31ea566fb5cd910d
94205b8ddbdc5fcbd36d52ebc36a56e14b7c0a207bb3db2ca1ea1a3bd25cebc1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 03 Dec 2022 05:29:15 GMT
Expires: Sat, 10 Dec 2022 05:29:14 GMT
Etag: "5798cd7466b04d4ca41a415b31ea566fb5cd910d"
Cache-Control: max-age=436564,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3f279c0b524-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
096b5ad9a784e95445c60c6de61b849b
6b46e6c4c6322fb605aa670a7c94ac0f8e43de3e
d24724c785448125dfcc57405f3e43fd4739cacfb33465de727540ecfa80d971

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D24724C785448125DFCC57405F3E43FD4739CACFB33465DE727540ECFA80D971"
Last-Modified: Fri, 02 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2520
Expires: Mon, 05 Dec 2022 04:45:10 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3aac4ea74b09f67f69a42aab55a610aa
60ba8c23151a5fc6e82f1254e68c5f695a0bd383
cb8d6383ebceedaf6c40d38ca57dde30df5c0881f79ce9efc625d07f33ec0854

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB8D6383EBCEEDAF6C40D38CA57DDE30DF5C0881F79CE9EFC625D07F33EC0854"
Last-Modified: Sun, 04 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11329
Expires: Mon, 05 Dec 2022 07:11:59 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

errresound.com/ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4

192.243.59.13

200 OK

17 kB

URL HTTP/1.1
errresound.com/ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (17216), with no line terminators
Size
17 kB (17218 bytes)
Hash
5780b3f9c41273207c7deb8b98abf164
550c89b3a39e0e5618f17d79a065547f48986e4f
356f9b1ab954db92a059bb7499545f0ae229296ed2880f2daa059f86edab13e1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ntv.json?key=30dc7bb2294acae8ca6474105cb0544f&vstc=4 HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/json
Content-Length: 17218
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cnews6.com
Access-Control-Allow-Origin: https://cnews6.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17852288; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv49=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs49=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]; expires=Mon, 05 Dec 2022 04:03:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e8991c2c443269049b74b793da70ce7
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a4b2661f9faaf638f68d08191f11b9eb
93a120c099c114d90fd533168343641c6768e3fa
65fd78249b3277256ee56b23d213f0816412daa4c2028d2447a90bbc861af5ba

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 11:33:42 GMT
Expires: Sun, 11 Dec 2022 11:33:41 GMT
Etag: "93a120c099c114d90fd533168343641c6768e3fa"
Cache-Control: max-age=544830,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7749e3f5eba1b524-OSL

errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL HTTP/1.1
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxRevTibw5etFJZecHG8KMts905PZMWAw5ofBuLtuInsTqquqZ8utrmqruqdnR9DFiOQizMGDeur9zG7WH2FJ%2FgBBZr2EBSGDIHtwQfwThJylJwOjD%2Frz3uvPO3w%2B79UXu%2Fkp8ZHTk7V3zVAqRZfaDb%2F%2ByobU3BSuvnKnHvgN%2F1J9Q%2BqL4aX6oALbfz3w2w3%2F1foNwbbMUtMPfD%2Fwg%2Fp1aUVsBkszFjJ90A0aXb8RNhtBO8TA%2Frd3uQdHPfD%2BKXkRkk%2FPbT5%2BBMkm0MnDq8JtZSZ97VqSK5oZiz4%2FeF9vaVNoJIsyth5ifTCfhnFTQr4%2BA6MP5g5g%2BnuVA0RySrzfA0T6YC4TUX%2F%2FmdJIQWhE%2FDkU%2FQmEmkDSCZi5C8mfEIBxrKxCJ%2FdXjC3o9jOWVuyU1J7%2BDVlMSe2P89DJ4RUlB%2FXbRuWZNNphEJeQgwlkb4I0P0I29CCLI7DsM0j%2BK1l6egs62Vt1ykDycuZeyglkPIESI1DnIa8%2B6SGPPeSph4Sf1Gm7G%2Ft%2BJ47iVms5ZIy1Woy1ly%2FyNm%2BFy7GPnFXyRsjSEZgagdkdpHYHW3IEm%2F8Mt1nCcQ8umxLvvR30eYlCEBSOoKAEhSQoMoKiX%2B5z5ZquvM%2BVy6Ngnpvz3CrHJuvt0n2T9YQmu%2BkpeaHai%2Fd8bwdb4qTe8jnrRFGz2Q0po2KZ0YthJwz8Nov8dhjGcLKEdGdmVodySl56%2BSFSOSXn%2FrqGiB7BqSMweRY0D0CLcafpg26Ow2UfQ32oReGanaHRosFMAm5KpFkN2ba3q07JhdmFgu%2FWIdjx5c%2BHf944PP8xmC2R2hIfyl8IeureeN0UZG%2FdFI48Wk0zmcghra53O6OZOPvDO2K7MJbfvOpG37%2FJKqIqH9wRLrtFNZe658iPVyTnwl43lgny0023IaK13G1eya3O01trb12%2FmaRWOCeNnoDKJx%2Fsg8kp%2Bd9Hv83e5YXhp5B2ApuXSPJjMg9IcwSW7sClC%2FXOEFi1mIlSD0Vejm0zWvxUkkCJRU%2BjEu5ffbSod9099GwNNLsLnZTo2xJ9VYKqEVz%2B%2F3GW2uPLj7%2Bp4ltEqjaOlK3tRcqqr2arreCNCi5X8DacPKmLduzHwm%2BKKO5GcYf6vBuH3Yh2A9GJ2jRA5qbsy%2BSTfwAAAP%2F%2FAQAA%2F%2F8lCH6zfgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 40749dda141250963a62ab35f3f21253
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

cdn.tynt.com/tc.js

104.18.36.173

200 OK

7.2 kB

URL HTTP/2
cdn.tynt.com/tc.js
IP
104.18.36.173:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
7.2 kB (7207 bytes)
Hash
8fcc1d09d632061c71caa05da144eb83
f0f7904d495c5237d426f55863609a4c9d20c034
599436c25fd2ca5b89783baed39f6f36e63d190149fbfbdc927a8fcb89ea89dd

HTTP Headers

GET /tc.js HTTP/1.1
Host: cdn.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: application/javascript
last-modified: Thu, 21 Jul 2022 14:57:10 GMT
vary: Accept-Encoding
etag: W/"62d96946-4599"
content-encoding: gzip
cf-cache-status: HIT
age: 131827
expires: Thu, 08 Dec 2022 04:03:10 GMT
cache-control: public, max-age=259200
server: cloudflare
cf-ray: 7749e3f7388a1c02-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
921edf4719d00fc9e787f0163dad9917
d174b6498bf23f64df69f917124059bec7a46b3e
ca7f94b946a5920f873661c61d48722c96c0e453363551045b3f788f35c9c885

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA7F94B946A5920F873661C61D48722C96C0E453363551045B3F788F35C9C885"
Last-Modified: Sat, 03 Dec 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12138
Expires: Mon, 05 Dec 2022 07:25:28 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg

45.133.44.9

200 OK

19 kB

URL HTTP/2
cdn.cloudimagesb.com/si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
19 kB (18886 bytes)
Hash
e3f84420ce3bd43532e3ddb8b22a465e
3d7ad384f893e1dbcd8d3bfb260bfc8c4848138a
428d48c9b4e20910da3a15d23ca23eee970be4c013a4cbf5f66355537a8ddd10

HTTP Headers

GET /si/e3/45/09/e34509c88d1762ac4c86147aabde5f02/1645978523.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 18886
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:15:36 GMT
etag: "621ba3a8-49c6"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.141.24

200 OK

49 kB

URL HTTP/2
friendshipmale.com/sfp.js
IP
172.64.141.24:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
49 kB (48665 bytes)
Hash
ceb859e7e7e591d502dbc4c08290a279
5da5cc81d55a52ec0e693bf65bb4b87748fe17f9
990efe99a614f993844acfa77cbe810d4ea240ad22d2f12f2beafd84b7059658

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 79ad5aa58d6526937e2986213f255bc0
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 05 Dec 2022 04:03:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBBQ7s9fZnfq%2BQvD%2BJ7TUTBgMMEoBzhw9zjZVAGYEQiOSTeRs05fvCwxyTk0J8tS%2Bl8U9V%2FS02zv%2BKpmd7odCiAm5j9VNQ6KJlTb9M9IpGRb6fhWHofqECn9RU4Egn%2FHOXYbhi8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f0eaff71b6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

habithate.com/sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1

192.243.59.12

200 OK

4.0 kB

URL HTTP/1.1
habithate.com/sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (5796), with no line terminators
Size
4.0 kB (3983 bytes)
Hash
398ded78efe0f1687d5727b36d3eafaa
a2aab0d10af5d40a5ba5546342113bb6de589e86
16e831eb5208192b995033c152f854f9706ffef638a5431322f43db38041b5cb

HTTP Headers

GET /sbar.json?key=b6f348d0b4462aa756806e72ed310dfc&uuid=78856ac7-c11a-4d58-86c2-646125bf5901%3A1%3A1 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://cnews6.com
Access-Control-Allow-Origin: https://cnews6.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17856962; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; expires=Mon, 12 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 06 Dec 2022 04:03:10 GMT; secure; SameSite=None
slecb6f348d0b4462aa756806e72ed310dfc=[3760946]; expires=Mon, 05 Dec 2022 04:03:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ab5f635f18269b432a17d15c0b0b23c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg

45.133.44.9

200 OK

25 kB

URL HTTP/2
cdn.cloudimagesb.com/si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
25 kB (25012 bytes)
Hash
f1a49a7d784361bbce9f7ed99c6fc6ec
bb1a5732dc954a89c85089d16d71a00ade1fe682
deb5daa6fcbf7a78b9361e5ac56f09b27986953f03977adbaf32d04a93996bdd

HTTP Headers

GET /si/5d/19/5d/5d195d7de14d8e7d59a9c7b1330750de/1645978440.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 25012
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:05 GMT
etag: "621ba34d-61b4"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg

45.133.44.9

200 OK

22 kB

URL HTTP/2
cdn.cloudimagesb.com/si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
22 kB (22212 bytes)
Hash
796d425c7dcd3be5c1cdc6cdd56c1dab
e8cc1589c53cccdd638d3a732fef9e97aa4a45bc
f73ea8486409b59615869827f5c1b1f322ee1374d506e7789019bb4967348437

HTTP Headers

GET /si/75/c9/28/75c92834ede96f2f4d3581e4d43e6e4f/1645978427.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: image/jpeg
content-length: 22212
server: nginx/1.17.6
last-modified: Sun, 27 Feb 2022 16:14:00 GMT
etag: "621ba348-56c4"
expires: Wed, 07 Dec 2022 04:03:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL HTTP/1.1
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YTDurpvI3oTqqurZcqur2qru6dkRZDEiuQhz8KCeet%2FsZv0RluQPEGTWS1wQMhfZgwvinyDkLD0ZGP2gvx%2F9vsN776svd%2FNT4iOnJ2vvm6FUii61G379tQ2puSlcfeVOPfAb%2FqX6htQXw0v1QZVs%2F83Abzf81%2Bs3BNsyS00%2F8P3AD%2BrXpRWxGSzNUMj0QTdodP1G2GwE7RAD%2B%2F%2FZ5R4c9cD7p%2BRlSD49t%2Fn4ESSbQCcPrwq3lZn0jWtJrmhmLPr84EO9pU2hkSza2HqI9cF8G8ZNCfnmDIw%2BmCuA6e9VChDJKfH%2BCBDpgzlNRP39Z0wjBaER8RdQ9CcQagJJJ2DmLiR%2FQgDGsbIKndxfMbag289QWqFTUnv6D2QxJbU%2Fz0Mnh1eUHNRvG5Vn0miHQVxCDiaQvQnS%2FAjZ0IMsjsCyzyH572Tp6S3oZG%2FVKQPJy5l6KSeQ8QRKjECdh7z6pIc89pCnHhJ%2BUqftbuz7nTiKW63lkDHWajHWXr7I27wVLsc%2BclbRGyFLR2BqBGZ3kNodbMkRbP4L3GYJxz24bEq8D3bQ5yUKQVA4goISFJKgyAiKfrnPlWu68j5XLo%2BCeW3Oa6scm6y3S%2FdN1hOa7Kan5KXKF%2B%2FF3g62xEm95XPWiaJmsxtSRsUyoxfDThj4bRb57TCM4WQJ6c7MpA7llLzy6kOkckrO%2FX0NET2CU0dg8ixoHoAW407TB90ch8s%2BhvpQi8I1O0OjRYOZBNyUSLMasm1vV52SC7MLBd9fhmDHl78Y%2FnXj8PynYLZEakt8LH8l6Kl743VTkL11UzjyaDXNZCKHtLre7Yxm4uyP74ntwlh%2B86ob%2FfA2q4CqfXBHuOwW1VzqniM%2FXZGcC3vdWCbIzzfdhojWcrd5Jbc6T2%2BtvXP9ZpJa4Zw0egIqn3y0Dyan5LlPfpu9ywtDBWknsHmJJD8m84A0R2DpDly6YO8MgVWLnSg9iyIvx7YZLX4qSaDEYqZRCfefOVr0u%2B4eerYGmt2FTkr0bYm%2BKkHVCC5%2Ffpyl9vjy42%2Br%2BA6Rqo0jZWt7kbLq68ra9Sq9NTO5Su%2FCyZO6aMd%2BLPymiOJuFHeoz7tx2I1oNxCdqE0DZG7Kvko%2B%2BxcAAP%2F%2FAQAA%2F%2F9i3WxrfgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: affdc53714f0d4340a6b117c03c5706d
Strict-Transport-Security: max-age=0; includeSubdomains

errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D

192.243.59.13

200 OK

7 B

URL HTTP/1.1
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRit3p0F0YvKXvbkeFOQSfdMTybjgsG4mzUYk5hdyU2orq6elFNd1VZ1T09GkOCK7EWYgwf11HmTbPyxhN0%2FQJCJlzUg7FwkBwPinyDsWXp2YPSD%2Fn70%2Bw7vva%2B%2BPMguiIuMnm%2B9rwdCSrrQrLnV13aECnVuqxt3qp5bc69Xd4Ra9K9X%2B2UyvTc9t1lzX6%2Fe4qyrF%2Bqu57qe61VXheGR7i9MUYjkQdurtd2aX695TR998%2F%2FZZg4sdRD2LsjLEOHkyu7jRxBsDBU%2FvMFtN9XJGzfjTNJUG%2FTC4w9VV%2BlcIZ63kXEQqePZNrSdEPLNJWh1PFMA3TssFSAQE%2BL84SFQxzOaCHpHz5gGElwhCF9A3huDyzEEHYPpuxDhEwKwEBubUPH9DW1yuvcMpSU6IZWn%2F0DkE1L58ypUfLIiRb96W8ssFVpZ9KMCoj%2BG6IyRZKdIBw5EfgqWfg4R%2Fk4Wnq5DxYebVmqIsJiqF2IMEY0h%2BRDUOsjKTzjIIgdZ4iAOz6u02Y5ctxUFUaOx5DPGGg3GmkuLYTNs%2BEuRi4yV9IZIkyGYHIKZfSRmH10xhMl%2Bgd0tYEMHNp0Q54N99MICOSfILUFOCXJBkKcEea84CqWt2%2BJ%2BKG0WeLNan9VGMdJp54Ae6bTDFTlILshLpS%2FOi519dPl5teGGrBUE9Xrbp4zyJUYX%2FZbvuU0WuE3fj2BFAWEvTaUOxIS88upDJGJCrvx9EwE9hZWnYOIyaOaB5qNW3QXdHflLLgbqRPHc1lsDrXiN6RihLpCkFaR7zoG8INemF%2FK%2BfwucnS1%2FMfjr1snVT8FMgcQU%2BFj8StCR90bbOieH2zq35NFmkopYDGh5vdspTfnlH9%2Fje7k24doNO%2FzhbVYCZfvgDrfpOlWhUB1LfloRYcjNqjaMk5%2FX7A4PtjK7u5IZlSXrW%2B%2BsrsWJ4dYKrcag4slHR2BiQp775Lfpu7w26EKYMUxWIM7OyCwg9ClYsg%2BbzNlbTWDkfCdILiHPipGpB%2FOfUhBIPp9pUMD%2BZw7m%2FYG9h46pgKZ3oeICPVOgJwtQOYTNnh%2BliTlbfvxtGd8hkJVRIE3lMJBGfl1auz31t0zLZXoXVpxXeTNyI%2B7WeRC1g6hF3bAd%2Be2Atj3eCprUQ2on7Kv4s38BAAD%2F%2FwEAAP%2F%2FNRz5KH4EAAA%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2523433907aaf0a65de4fd29682a3115
Strict-Transport-Security: max-age=0; includeSubdomains

errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D

192.243.59.13

200 OK

7 B

URL HTTP/1.1
errresound.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTiYgelHJJSfHm4LMds%2F0ZHYMGIz5YXDdXTeRvQnVVdWz5VZXtVXd07MjyGJEchHm4EE99b7ZzfojLMkfIMisl7AQyFxkDy6If4KQs%2FTuwOgH%2Ff3o9x3ee199vZOfEB85PV790AylUnSh3fDrb6xLzU3h6st364Hf8K%2FU16W%2BHF6pD6pk%2B28Hfrvhv1m%2FJdimWWj6ge8HflC%2FKa2IzWDhFIVMH3aDRtdvhM1G0A4xsP%2BfXe7BUQ%2B8f0JeheTTCxtPHkOyCXTy6Lpwm5lJ37qR5IpmxqLP9z%2FWm9oUGsm8ja2HWO%2FPtmHclJDvzsHo%2FZkCmP5upQCRnBLvjwCR3p%2FRRNTfO2MaKQiNiL%2BEoj%2BBUBNIOgEz9yD5MwIwjuUV6OTBsrEF3TpDaYVOSe35P5DFlNT%2BvAidHFxTclC%2FY1SeSaMdBnEJOZhA9iZI80NkQw%2ByOATLvoTkT8nC8yXoZHfFKQPJy1P1Uk4g4wmUGIE6D3n1SQ957CFPPST8uE7b3dj3O3EUt1qLIWOs1WKsvXiZt3krXIx95KyiN0KWjsDUCMxuI7Xb2JQj2Pw3uI0Sjntw2ZR4H22jz0sUgqBwBAUlKCRBkREU%2FXKPK9d05QOuXB4Fs9qc1VY5Nllvh%2B6ZrCc02UlPyCuVL97LvW1siuN6y%2BesE0XNZjekjIpFRi%2BHnTDw2yzy22EYw8kS0p07lTqUU%2FLa64%2BQyim58PcNRPQQTh2CyfOgeQBajDtNH3RjHC76GOoDLQrX7AyNFg1mEnBTIs1qyLa8HXVCLp1eKPjxfQh2dPWr4V%2B3Di5%2BDmZLpLbEp%2FJ3gp66P14zBdldM4Ujj1fSTCZySKvr3cloJs7%2F%2FIHYKozlt6%2B70U%2Fvsgqo2od3hcuWqOZS9xz55ZrkXNibxjJBfr3t1kW0mruNa7nVebq0%2Bt7N20lqhXPS6AmofPbJHpickhc%2Be3r6Li8Nc0g7gc1LJPkRmQWkOQRLt%2BHSOXtnCKya70RpDUVejm0zmv9UkkCJ%2BUyjEu4%2FczTvd9x99GwNNLsHnZTo2xJ9VYKqEVz%2B4jhL7dHVJ99X8QMiVRtHytZ2I2XVt5W1a1V6p0pXz5x28rgu2rEfC78porgbxR3q824cdiPaDUQnatMAmZuyb5Iv%2FgUAAP%2F%2FAQAA%2F%2F%2BYL8S1fgQAAA%3D%3D HTTP/1.1
Host: errresound.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17852288; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec30dc7bb2294acae8ca6474105cb0544f=[3254354,3254334,3254335,3254344]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3b93c9b2001704784154132aea34801d
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
91cf1caf5d662df9de8d658cac5b6513
5fc2a66b8681bb1e2ae29aa106a4f101ad31d4ca
5f51b547c0c938514c9ff19953f33c5d88091906b603564f632431d375bfd20e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F51B547C0C938514C9FF19953F33C5D88091906B603564F632431D375BFD20E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8802
Expires: Mon, 05 Dec 2022 06:29:52 GMT
Date: Mon, 05 Dec 2022 04:03:10 GMT
Connection: keep-alive

habithate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D

192.243.59.12

200 OK

7 B

URL HTTP/1.1
habithate.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzYscxRuuTjaX3%2B%2Bi4sWDOqKHBNzZ7p7u%2BTCHYEwiwXyRRHLxUl1VPVvZ6q6mqnt6dg5hMSA5KI548dj7zG4WNYTkrii9uciCkPEgi7oI%2FgOCGPAmMzuw%2BELV%2B771vIf3eZ76aLM4IC4Kun%2Ftsh5JpehK2HQbJ2%2FJlOvSNq7cbHhu0z3duCXTdnC6MZxdZvCW54ZN91TjXcHW9Irveq7ruV7jgjQi1sOVOQqZPeh5zZ7bDPymFwYYmv%2F2tnBgqQM%2BOCAvQPLpidUfHkOyGmny6Jywa7nO3jyfFIrm2mDAd95P11JdpkiOytg4iNOdxTS0nRLyxTHodGfBAHqwNWOASE6J87OHKN1ZrIlosH24aaQgUkT8%2FygHNYSqIWkNpu9C8qcEYBxXriJN7l%2FRpqTrhyidoVOy9OwvyHJKln57EWny8KySw8YNrYpc6tRiGFeQwxqyXyMrdpGPHMhyFyz%2FEJL%2FSFaeXUKabF21SkPy%2FTc63W7YpqyzzDyPLgc87C5328xfbgdtzw%2BjOOy53lwiKWvIuIYSY1DroJgd6aCIHRSZg4TvN2jYi123E0dxq9UNGGOtFmNht81D3gq6sYuCzTiMkWdjMDUGMxvIzAbW5Bim%2BB52tYLlDmxOMOAVSkFQWoKSEpSSoMwJykG1zZX1bXWfK1tE3iL7i9yqJjrvb9JtnfdFSjazA%2FL8TDjnufUaa2K%2FEbXjVtDlbhQEbZ%2FSTtjuum3R8QVveS6PGaysIO2xOc2RnJJXX3uETE7JiT%2FOI6K7sGoXTB4HLV4GLScd3wVdnQRdF6P0YSpK63dGOhVNphNwXSHLl5CvO5vqgLw0t7DHfAi2d%2Bb3b27f%2BeeX18FMhcxUuC2fEPTVvcl1XZKt67q05PHVLJeJHNGZvTdymoulr94T66U2%2FOI5O%2F7ybTYDZuWDm8Lml2jKZdq35OuzknNhLmjDBPn2or0lomuFXT1bmLTILl1758LFJDPCWqnTGlQ%2B7XwOJqfkf5c35h%2F3lY%2BfQJoapqiQFHtkEZB6FyzbgM32zvx68u%2F60w9OwWoCo45mosxBWVQT40dHj0oSKHHU06iCFUcSRGLvuz8PsU17D33jgOZ3kSYVBqbCQFWgagxbHJ%2Fkmdk781NrHoiUM4mUcbYiZdRnh9Jaud8QYezGwvVFFPeiuENd3ouDXkR7nuhEIfWQ2yn7JLnzLwAAAP%2F%2FAQAA%2F%2F%2FloVB0kAQAAA%3D%3D HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d625ec74989b5431f940764269b8c8d
Strict-Transport-Security: max-age=0; includeSubdomains

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6200
Expires: Mon, 05 Dec 2022 05:46:31 GMT
Date: Mon, 05 Dec 2022 04:03:11 GMT
Connection: keep-alive

habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110

192.243.59.12

200 OK

0 B

URL HTTP/1.1
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=110 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 04:03:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png

172.64.109.13

200 OK

9.4 kB

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Size
9.4 kB (9360 bytes)
Hash
910542c04f8bf2f90ee33d17d538a006
18d5943e5d51539038f7988c34bccef2937c5545
5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: image/png
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692515
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OCn7lJueeBpYaDXg4jvUt%2BhCC0STBYlBVSpCcnKQbF7PPdzihq2t0CLcuzdycEUeJu3DrG%2Fkt2HyzgVxUd4hbEnBStt6fwcK72Lg9fykDS6Qv5BJAMrvvdaiYn7zjdb3VzkoDNr31COv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa596071c8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1132 bytes)
Hash
0e8337e0b856b0d1a929b06e9f22f1b4
2515ca3c7f80267c02ae1e9d81503f4173e520b6
af0aeffac32f16897d9eb90740ab735e4517fc38be87362abd939f1b9dec1724

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Dec 2022 04:03:11 GMT
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
8017f571df5727fe6f3e8c58e931076b
e09e55a3c306f2cb715e4ce1e2f0738ddf202c93
6478758dd37e708534996b23f8189e79637690d22edff70d5183a19ec66854db

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6478758DD37E708534996B23F8189E79637690D22EDFF70D5183A19EC66854DB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6200
Expires: Mon, 05 Dec 2022 05:46:31 GMT
Date: Mon, 05 Dec 2022 04:03:11 GMT
Connection: keep-alive

habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352

192.243.59.12

200 OK

0 B

URL HTTP/1.1
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=352 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css

172.64.109.13

200 OK

1.3 kB

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.3 kB (1341 bytes)
Hash
b0b362d133eb4904706bb0622229b74f
22d89f78efb4c1cf967ac7e28821f4f39df8baf7
79b0f34463059aaa97b3b2f0f3319f64e893a595ce9e300d86fb031cc7fa28c0

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZK8yimm69hCu9GIev790QFI4%2B6q7k3OYF%2BDeHzsMCWABMSpmrjIIFaTblaDRslxQmZzS2o1tgirlThIVEGKjhzRz01DXiI4vrYWXEydSELHxnVVdPBWWNBlCgtzI%2Fxqek9zZSrK8W8o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f9fcb97521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375

192.243.59.12

200 OK

0 B

URL HTTP/1.1
habithate.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=375 HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r=

67.202.105.32

200 OK

4 B

URL HTTP/2
de.tynt.com/deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r=
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
350fd6ef6446635f7a8f608434a405ec
a4b6c275ac2c80ec925b5c0c5c6abb79ba897356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

HTTP Headers

GET /deb/v2?id=w!euf8d9kp70&dn=TC&cc=1&r= HTTP/1.1
Host: de.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=86400
expires: Tue, 06 Dec 2022 04:03:11 GMT
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: application/javascript
content-length: 4
date: Mon, 05 Dec 2022 04:03:11 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:11 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

habithate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D

192.243.59.12

200 OK

7 B

URL HTTP/1.1
habithate.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRuuTjaX77uoePGgjughAXe2u6d7psccgjGJBPOLJJKLl%2Bqq6t3KVnc1Vd3Tu3MIiwHJQXHEi8feZ3azqCEkd0XpzUUWhIwHWdRF8B8QxIA3mdmBxReq3vet5z28z%2FPUR5vlAXFR0v1rl%2FVQKkWXwrbbOnlLZlxXtnXlZstz2%2B7p1i2ZdYPTrbXpZQZveW7Ydk%2B13hVsVS%2F5rue6nuu1LkgjEr22NEMh8wd9r91324Hf9sIAa%2Ba%2FvS0dWOqADw7IC5B8cmLlh8eQrEGWPjon7Gqh8zfPp6WihTYY8J33s9VMVxnSozIxDpJsZz4NbSeEfHEMOtuZM4AebE0ZIJYT4vzsIc525msiHmwfbhoriAwx%2Fz%2BqQQOhGkjagOm7kPwpARjHlavI0vtXtKno%2BiFKp%2BiELDz7C7KakIXfXkSWPjyr5FrrhlZlIXVmsZbUkGsN5HKDvNxFMXQgq12w4kNI%2FiNZenYJWbp11SoNyfff6EVR2KWst8g8jy4GPIwWoy7zF7tB1%2FPDOAn7rjeTSMoGMmmgxAjUOiinRzooEwdl7iDl%2By0a9hPX7SVx0ulEAWOs02EsjLo85J0gSlyUbMphhCIfgakRmNlAbjawKkcw5fewKzUsd2ALggGvUQmCyhJUlKCSBFVBUA3qba6sb%2Bv7XNky9ubZn%2BdOPdbF8ibd1sWyyMhmfkCenwrnPLfeYFXst%2BJu0gki7sZB0PUp7YXdyO2Kni94x3N5wmBlDWmPzWgO5YS8%2Btoj5HJCTvxxHjHdhVW7YPI4aPkyaDXu%2BS7oyjiIXAyzh5morN8b6ky0mU7BdY28WECx7myqA%2FLSzMI%2B8yHY3pnfv7l9559fXgczNXJT47Z8QrCs7o2v64psXdeVJY%2Bv5oVM5ZBO7b1R0EIsfPWeWK%2B04RfP2dGXb7MpMC0f3BS2uEQzLrNlS74%2BKzkX5oI2TJBvL9pbIr5W2pWzpcnK%2FNK1dy5cTHMjrJU6a0Dl097nYHJC%2Fnd5Y%2FZxX%2Fn4CaRpYMoaablH5gGpd8HyDdh878yvJ%2F9uPv3gFKwmMOpoJs4dVGU9Nn589KgkgRJHPY1rWHEkQSz2vvvzENu097BsHNDiLrK0xsDUGKgaVI1gy%2BPjIjd7Z37qzAKxcsaxMs5WrIz67FBaK%2FdboReIKI56jPNYMO71%2FE7UcV2f86DXF14fhZ2wT9I7%2FwIAAP%2F%2FAQAA%2F%2F%2Fxqd6SkAQAAA%3D%3D HTTP/1.1
Host: habithate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: u_pl=17856962; uid_id2=78856ac7-c11a-4d58-86c2-646125bf5901:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecb6f348d0b4462aa756806e72ed310dfc=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 05 Dec 2022 04:03:11 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c72708abeddcdd9372aa206dfa539d8e
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg

172.64.109.13

200 OK

576 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
576 B (576 bytes)
Hash
18f3547b5335a975f204deab07ab753a
5cf6d0d1749a2a97986c71071e87303b16267b2b
837d0d7cee53ef4b76f755260e9ac1b5d798ecc4671c82b57a40514590170791

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692415
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62KROxK%2BUpnu3yS%2BzsIroybkMuIpRzr22KfdYzp%2F8FprIZWLWQ5PC%2FlVEX9Q9vp5R%2B4Mlwgu99yUVd4rfNf%2Fnhi4kQoOmO3YgyPZVCBsqdTfuy0K%2F7zL2wh6D4AYLHAj1zo23sYG37Jb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa596271c8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0

67.202.105.32

204 No Content

0 B

URL HTTP/2
ic.tynt.com/b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0
IP
67.202.105.32:0
ASN
#32748 STEADFAST

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b/p?id=w!euf8d9kp70&lm=0&ts=1670212988080&dn=TC&iso=0 HTTP/1.1
Host: ic.tynt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cnews6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx/1.16.1
date: Mon, 05 Dec 2022 04:03:12 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
X-Firefox-Spdy: h2

t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c

141.101.120.10

200 OK

557 B

URL HTTP/2
t.dtscout.com/pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c
IP
141.101.120.10:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
557 B (557 bytes)
Hash
42f5bdac72b55a1468d9292f8c7fc626
a22050665ee14b8b66a496ca2fbfbc2544cd34cc
1620d38ac314a5c0321ac46125e295793185b37c6ed3d2a1c096ad8bbda58b73

HTTP Headers

GET /pv/?_a=v&_h=cnews6.com&_ss=5iz9txrr8a&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=594x&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Cookie: m=1; oa=1; df=1670212989
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript
x-t: 0.162
x-c: 0
expires: Mon, 05 Dec 2022 04:03:08 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sNDOlH3c8VDbsJ9ChOAaZ3jg6DNqva1XsvjMfk73I9UM6tZCivN7Z2XabfL%2BBOpcCCb1TtIFRVHhFDPOrALzhaCJ1cdMg3RB9CF7%2BM3cJ4ew6ojNmsfZEQhlpUgUe8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7749e3ef8812990f-ARN
content-encoding: br
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=78856ac7-c11a-4d58-86c2-646125bf5901&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=b6f348d0b4462aa756806e72ed310dfc&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=4 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 05 Dec 2022 04:03:13 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c2e73ade907b222b5e65f478fc079d43
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1692515
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6trYmz0omKS%2BJVUuAv4RcOanf5YgJ17L6HzNLA0pWVVx0mxoOE9o%2FPnJcCvUNl1K0R8CpmDdT%2BT84RHTYWhqm7Wi8G67QCFRx9hn%2FZt0sZORWoMHBMqKi0d%2BSgg4HwJ6yaFkAwLTMyv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fa595d71c8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEw0BiV4BcGktSKzS2Rha6G%2BIVWdTbCMCLFsKNxqhn%2BQMeNKFS9t8B0tIKHPm9B8IIswdZjyBUzRa3kqpp30rkbMP45MX2VTMTryJgmqUz%2FImn3GcTuq1Ntpyu3yWiuWogsQotG2dXnX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3f9ecb57521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:11 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:36 GMT
etag: W/"612f708c-7082"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNVeDL%2FijhHHl%2BS58UkTma9iVOhx9%2Fm%2Fsfu0hvjCV3TYO%2BaZDm1thrlzxQQH7PDnjNVJQliyCfc6FMxVVJm5QmecBw%2FUVGN6poJncbzUyas%2BJfJZ%2BVIPI5PZO0jpOgEaGqIhmK1ycFqu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3fabd237521-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

waust.at/d.js

104.26.4.7

200 OK

0 B

URL HTTP/2
waust.at/d.js
IP
104.26.4.7:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /d.js HTTP/1.1
Host: waust.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:08 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Dec 2022 21:21:19 GMT
etag: W/"63891acf-3972"
expires: Tue, 06 Dec 2022 03:13:56 GMT
cache-control: max-age=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2952
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pb5RvqHUL6H%2BOjQxwDWSqXK62CNZ2fuB8xDXOsnpcE6Cai%2BGvvMB0WaEOVnwBHWVa9M1OzWVEqsO5UTaWDqaItH%2BhwO5Q%2BxwmzOi3uT5aeGHy9XHZUiGUh9v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7749e3ea8fcf0b02-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html

45.133.44.3

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
IP
45.133.44.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Origin: https://cnews6.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 05 Dec 2022 05:03:10 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j=

141.101.120.10

200 OK

0 B

URL HTTP/2
t.dtscout.com/i/?l=https%3A%2F%2Fcnews6.com%2F&j=
IP
141.101.120.10:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /i/?l=https%3A%2F%2Fcnews6.com%2F&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:09 GMT
content-type: application/javascript
x-s: mtl3
set-cookie: m=1; Domain=dtscout.com; Expires=Mon, 05-Dec-2022 05:26:29 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
oa=1; Domain=dtscout.com; Expires=Mon, 05-Dec-2022 08:03:09 GMT; Max-Age=14400; Path=/; SameSite=None; Secure
df=1670212989; Domain=dtscout.com; Expires=Wed, 15-Mar-2023 04:03:09 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.781
expires: Mon, 05 Dec 2022 04:03:08 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r93fQ%2BBivJRojnJwbGT2foY%2BR4x7xhdudwasPPC63giesCoJ89Binsjnf%2BqcTthh4O1Uh07EMyGrcwXB80qTgehKFWkyjv%2BTWhE2Kmiv0n6P6vWx6Q2nEqPuLnaZ040%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7749e3edff6b990f-ARN
content-encoding: br
X-Firefox-Spdy: h2

whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759

104.22.74.171

200 OK

0 B

URL HTTP/2
whos.amung.us/pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759
IP
104.22.74.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pingjs/?k=euf8d9kp70&t=cnews6%20%E2%80%93%20Just%20another%20WordPress%20site&c=d&x=https%3A%2F%2Fcnews6.com%2F&y=&a=0&v=27&r=6759 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cnews6.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 04:03:10 GMT
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7749e3f3c9100a2d-ARN
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations