Report - www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique

Report Overview

Submitted URL
www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
IP
66.29.146.22
ASN
#22612 NAMECHEAP-NET
Submitted
2022-11-28 22:53:02
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	12 kB	23.36.77.32
www.officialnd.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.8 kB	39 kB	66.29.146.22
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.6 kB	23.36.76.226
pl16977271.highperformancecpmgate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420 B	14 kB	192.243.61.225
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	157 kB	45.133.44.10
lightssyrupdecree.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	454 B	467 B	173.233.137.44
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.newpakweb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	26 kB	172.67.74.52
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	506 B	46 kB	216.58.207.195
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	143.204.42.156
stats.wp.com	2711	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	356 B	192.0.76.3
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	4.9 kB	142.250.74.35
phoosi.com	125731	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	7.1 kB	191.96.56.201
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	836 B	13 kB	142.250.74.10
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	100.20.30.105
wastedinvaluable.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.7 kB	9.1 kB	192.243.59.13
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	846 B	192.243.59.12
cdn.barscreative1.com	25648	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	451 B	386 B	45.133.44.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	40 kB	34.120.237.76
www.withinnigeria.com	524884	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	498 B	114 kB	104.26.15.210
www.the-sun.com	21787	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	492 B	2.6 MB	143.204.55.92
tallysaturatesnare.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	36 kB	192.243.59.13
friendshipmale.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	363 B	954 B	172.64.141.24
c0.wp.com	6988	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	54 kB	192.0.77.37
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	80 kB	142.250.74.168
pixel.wp.com	2545	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	527 B	239 B	192.0.76.3
hydnews.in	300360	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	465 B	54 kB	104.21.77.222
cdn.creative-bars1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	45 kB	172.64.109.13
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.3 kB	93.184.220.29
maxcdn.bootstrapcdn.com	724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	429 B	6.3 kB	104.18.11.207
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	896 B	565 B	216.239.32.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js	Malware
2022-11-28	medium	cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	highperformancecpmgate.com	Sinkholed
2022-11-28	medium	tallysaturatesnare.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	tallysaturatesnare.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	tallysaturatesnare.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	lightssyrupdecree.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	unseenreport.com	Sinkholed
2022-11-28	medium	unseenreport.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed
2022-11-28	medium	wastedinvaluable.com	Sinkholed

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f	2.2 kB	2023-03-11	2023-03-11
Pretty URL www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 7c6550fa57b16c2324005ec0df2df94f ad7c15ea0740709597f05d39d3445c41e26d9953 cf87aea4a6d3a1162afd12f81694a6805950c0e6c2d60867db6ddb5e9cdddd99 Loading...

	c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js	11 kB	2023-03-07	2024-04-25
Pretty URL c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 10:34:46 Times Seen68619 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	www.officialnd.com/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2	37 kB	2023-03-07	2024-04-05
Pretty URL www.officialnd.com/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2 IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25:46 Last Seen2024-04-05 21:22:00 Times Seen370 Hash e6dc1776b411890b7c8d91a0f64573df 9a62d6beef54462c393b94140a9320858121508e 07a442bcbe2faa41bf1f585c7c772be2a8918f9afd0f5526eb4956562d5e6f8c Loading...

	pl16977271.highperformancecpmgate.com/83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js	37 kB	2023-03-11	2023-03-11
Pretty URL pl16977271.highperformancecpmgate.com/83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash b9fe5b891ad7538c53739c2d9f8e3721 f65b9c20f434f90778cb3c816187160acbddf0f8 b51208cddcdeaba2d12098768b89beefc1cfc53277c4a7caa1658818f7e3ce60 Loading...

	tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js	86 kB	2023-03-11	2023-03-11
Pretty URL tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 44d1fc497b9fb4793a58b1ed2cd79f48 909f7de2167fe7850854e1caebed9866bc1a3021 d09f883aaa09cd4444a699b999019a3dd4205533870c7419a885e3ed71419c89 Loading...

	http:blank	10 kB	2023-03-11	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash cf6282cbfeba768046abd8bd19dbfa9e 43caabf586d7d6a6d24063cfdbebf8201816b7f9 85a262cb1ed269d77d3c9f4884d59e1ea0d3e52cae54e50745ea98c81097aefd Loading...

	stats.wp.com/e-202248.js	9.0 kB	2023-03-07	2024-01-05
Pretty URL stats.wp.com/e-202248.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2024-01-05 09:08:33 Times Seen3233 Hash 9152c169155daa333287728cb8e4ae93 1e45a9ea1464acf983f022567cb9f669f4c77f65 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302 Loading...

	www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f	153 B	2023-03-11	2023-03-11
Pretty URL www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 5c43cb1630d2ea2425a6efdc0d01f1ae 774d11eb584afe8f08cc46169742789ad689833c 57ec2dce2f7a9fbbb574eb9225ff145897554fc04ab37afb65e20ace08ce8a59 Loading...

	www.googletagmanager.com/gtag/js?id=G-Y0TGQ6KH7Q	231 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=G-Y0TGQ6KH7Q IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 0caf9930d14e99e388b57a152f12442e f0d83d2ce52746f4ca5f93c3280f0b4f45591bb2 5955a3fcba6d7ef49b1fe76a48ac09b53dc37b3c299349773da4b505ea58aa37 Loading...

	www.profitabledisplayformat.com/bd98676cadeb63e4d1975be98f431a6a/invoke.js	27 kB	2023-03-11	2023-03-11
Pretty URL www.profitabledisplayformat.com/bd98676cadeb63e4d1975be98f431a6a/invoke.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash b1d5f1d96d4427a64172128182d0a233 b9e00a6ea902530e46b4b423aee613b6ec907e3e 93eeb8a126283acb1858f8f7dab1bd2be4006c3547475026e5d3184a4cdfa436 Loading...

	c0.wp.com/c/6.1.1/wp-includes/js/comment-reply.min.js	3.0 kB	2023-03-07	2024-04-25
Pretty URL c0.wp.com/c/6.1.1/wp-includes/js/comment-reply.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-25 11:53:55 Times Seen29282 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	http:blank	145 B	2023-03-11	2023-03-25
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-25 23:00:06 Times Seen2 Hash 87b5c98626d04dc5f137914e34ecc3d7 0cf2250b7a3d1c01732c51482af2bbd4c5465f05 135e3a6c486c83fc76eb2139f1b804732374f181de2dfff8a8d529bd45e10757 Loading...

	cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js	84 kB	2023-03-07	2024-04-25
Pretty URL cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js IP 172.64.109.13 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:11 Last Seen2024-04-25 01:55:06 Times Seen552 Hash 6326c600df01e3bfb9b40e1aa08176f8 6b4fb754d29b297b539bf62ba9b4eaf0f33f314a df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3 Loading...

	c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery.min.js	90 kB	2023-03-08	2024-04-25
Pretty URL c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery.min.js IP 192.0.77.37 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-25 10:08:32 Times Seen31807 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	www.officialnd.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1	1.0 kB	2023-03-07	2024-04-18
Pretty URL www.officialnd.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1 IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:21 Last Seen2024-04-18 11:49:27 Times Seen768 Hash 110e06930c2043d5439adeb9999f07f5 1294fd7195b1c2652c3627fe7a57f71d447313b3 d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767 Loading...

	www.officialnd.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-25
Pretty URL www.officialnd.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-25 04:27:26 Times Seen38041 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f	350 B	2023-03-11	2023-03-11
Pretty URL www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 0cb97d2e12411534e7f2ebbecde08108 a40edd0347bb1b380d08313f10ef8bc5f3a7bf10 b94df63c3852e97ef23333e03dbdbacfea07afdb0316f380568637cf2b5fbfa5 Loading...

	www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f	200 B	2023-03-11	2023-03-11
Pretty URL www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 5bff6325b50403791587385c29d04180 be45dc8793ecbe5b6a2262c0631b480b64bc0c08 89172b75206121f970085b095f118a493e7fbda863427c7ec6dbd84f6e28daa4 Loading...

	http:blank	3.4 kB	2023-03-11	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 48d2fc3ef1d51f06600eee2f0008ebcc 3fac194572c40f2fb8c0ce8fa57b9a6e28dd9a45 3ec71f13d891f32b8996b9a870e371b314387b784e8946862a0995a24ca6b47b Loading...

	www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f	252 B	2023-03-11	2023-03-11
Pretty URL www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash b5687dec1139222990023e7fa4d87e82 90011b9197536c2616fc4f21d2d11183c2c9de70 58cec5dd3241ef264d26a2aeb428fa77edc9182cb97fcfbb78645afc5412a933 Loading...

	www.officialnd.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1	3.8 kB	2023-03-07	2024-04-17
Pretty URL www.officialnd.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1 IP 66.29.146.22 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:59 Last Seen2024-04-17 04:46:33 Times Seen250 Hash b27718aff74affd83d576672659ea188 06fb5d122016c11a5e404cdf878147dee60560c5 0891804a56327bacae315d5e5281bee36c729cabfe22697a28083eeb39eb8608 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 6c388f2a115add3d6950f7d500e79fec	2.1 kB	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 6c388f2a115add3d6950f7d500e79fec ac748143468cdb563f480dc32da9eea63bee5285 98586e88d4cbf1b9bfd3f8c0d3c7fb0388eeb7c900da52af74e65ea6850f0cb9 Loading...

		Size	First Seen	Last Seen
	#1 Write - 6264ed7826b508b1fd8062ae0b12a3f9	129 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 22:05:30 Last Seen2023-03-11 22:05:30 Times Seen1 Hash 6264ed7826b508b1fd8062ae0b12a3f9 a1f7f593e4272ff33c605848e0e13147b522dbdf 3ef95d7c9d7eeefff68c94a1b5e29af49d3f3b70eb8baebd3915b9a016ad23df Loading...

HTTP Transactions (98)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8728
Expires: Tue, 29 Nov 2022 01:18:18 GMT
Date: Mon, 28 Nov 2022 22:52:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9414
Expires: Tue, 29 Nov 2022 01:29:44 GMT
Date: Mon, 28 Nov 2022 22:52:50 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2206
Cache-Control: max-age=130517
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:50 GMT
Etag: "63848df9-1d7"
Expires: Wed, 30 Nov 2022 11:08:07 GMT
Last-Modified: Mon, 28 Nov 2022 10:31:21 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: O6Ewuu70NHCxUTWrJBJwEAqJBfCuuTcBXLV8SAWUl3Q08iTOp9GJJm9cQblJLsYoV/1RgspW/sM=
x-amz-request-id: MAGMRM4MH5MX9N3J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 22:42:15 GMT
age: 635
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 22:19:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1997
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a16aa3a13442abaff371333f4bc50a4e
858530df75d4e580546f61b01f90590633924d2d
8e86271564cfb475d858dec66077879101cc2e253b6f6912a35547ec05f94aad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:52:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 11:41:48 GMT
Expires: Sun, 04 Dec 2022 11:41:47 GMT
Etag: "858530df75d4e580546f61b01f90590633924d2d"
Cache-Control: max-age=477536,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7716ad225da8b4f9-OSL

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 22:08:55 GMT
cache-control: public,max-age=3600
age: 2636
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2261
Cache-Control: max-age=125505
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:44:36 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4946
Cache-Control: max-age=120652
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:23:43 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 278

c0.wp.com/c/6.1.1/wp-includes/css/classic-themes.min.css

192.0.77.37

200 OK

217 B

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/css/classic-themes.min.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text
Size
217 B (217 bytes)
Hash
95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

HTTP Headers

GET /c/6.1.1/wp-includes/css/classic-themes.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css
content-length: 217
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.officialnd.com/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0

66.29.146.22

200 OK

537 B

URL HTTP/2
www.officialnd.com/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
537 B (537 bytes)
Hash
912417e2f1dc528315cd897c614a4728
b1a691de86c05ef439850bf18cc5747b1c777d0a
ff745eec876a0fe33c5b164e90a1196970ee2c5ce79a269002d6b928b993f469

HTTP Headers

GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 15:37:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 537
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2

66.29.146.22

200 OK

8.8 kB

URL HTTP/2
www.officialnd.com/wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (739)
Size
8.8 kB (8842 bytes)
Hash
b4588be584fdfc6f3c8997ce49940a0f
f1b50682d29aa349889fea0469a12ed31deb25cb
c609f96251492512f62d975430d7d977a812b78031dad2797d12dbdf34d562db

HTTP Headers

GET /wp-content/themes/mh-magazine-lite/style.css?ver=2.9.2 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8842
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css

66.29.146.22

200 OK

6.7 kB

URL HTTP/2
www.officialnd.com/wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (30837)
Size
6.7 kB (6658 bytes)
Hash
97c6ce9b4936f66aa388ad33c39aba2d
3f14a7e78fbb4935cf35c20779dc2035531849a9
1eea453c424793fc56ef14093c10b373e3ca8388a70e847394e8084048c5ce38

HTTP Headers

GET /wp-content/themes/mh-magazine-lite/includes/font-awesome.min.css HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6658
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-content/plugins/mango-buttons/public/style/mb-button.css?ver=1.2.9

66.29.146.22

200 OK

1.2 kB

URL HTTP/2
www.officialnd.com/wp-content/plugins/mango-buttons/public/style/mb-button.css?ver=1.2.9
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
1.2 kB (1162 bytes)
Hash
41ea2be1c36e1072c97749245b63af65
364780ea2ef694eac94d8956878f37ac3254e018
fb57074e16a397f4dbd4f15a5e5350fdd9f209ba432cbe737362cdc5a649a4ac

HTTP Headers

GET /wp-content/plugins/mango-buttons/public/style/mb-button.css?ver=1.2.9 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: text/css
last-modified: Sun, 13 Nov 2022 03:12:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1162
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery.min.js

192.0.77.37

200 OK

31 kB

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery.min.js
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (65447)
Size
31 kB (30628 bytes)
Hash
516b8eeec753644c36caed02fa772f64
f649469b7076d28d98012226b67c6784c83774d4
e25632c803fb07736dfe1fcbb1f85f90811e6cee465edaa237b5b2d33d73ca8d

HTTP Headers

GET /c/6.1.1/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-Y0TGQ6KH7Q

142.250.74.168

200 OK

80 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-Y0TGQ6KH7Q
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (25492)
Size
80 kB (79605 bytes)
Hash
036b2320d6f0229d4f7fc3e8eb5f3d3e
24c5ee87324303b6fbee75ace87713cad5de9019
2e4e1d0d0051defd148144d2ca9d0765518a4a086e921d733c361e4127f46b5e

HTTP Headers

GET /gtag/js?id=G-Y0TGQ6KH7Q HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 22:52:51 GMT
expires: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79605
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.officialnd.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1

66.29.146.22

200 OK

316 B

URL HTTP/2
www.officialnd.com/wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
316 B (316 bytes)
Hash
98562a00d396f4e497bd060365515379
b6e09dd87b22b6a7293551423b3e318d4a504ada
da6c3b5ec1baea8dfefe9a30abfa3ee6ba64464cb5ff44856d0704fb45323d40

HTTP Headers

GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=6.1.1 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 15:37:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 316
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2

66.29.146.22

200 OK

11 kB

URL HTTP/2
www.officialnd.com/wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (21960)
Size
11 kB (11268 bytes)
Hash
2eadad08e686f6256300f68abbc9e781
79d828e10925973c9d60cc8465971233e0abdbba
11bc9f9824f106fcd705a41ffad0ec8ab8d6515ee403b9b0e4de85545acbcea7

HTTP Headers

GET /wp-content/themes/mh-magazine-lite/js/scripts.js?ver=2.9.2 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:08 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 14:08:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11268
date: Mon, 28 Nov 2022 22:52:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1

66.29.146.22

200 OK

918 B

URL HTTP/2
www.officialnd.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
918 B (918 bytes)
Hash
ff98a2d5f2f2ad26eb5e4ac74aa9702b
83bf52f910c78babbe737914acc7e36a8b0f35df
9158326d8570a2ac4ecf0d34c7befd54bb857a0c139a3e19dd19bf894642ec89

HTTP Headers

GET /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.2.1 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:07 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 18:48:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 918
date: Mon, 28 Nov 2022 22:52:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.officialnd.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

66.29.146.22

200 OK

4.6 kB

URL HTTP/2
www.officialnd.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (15660)
Size
4.6 kB (4619 bytes)
Hash
0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 05 Dec 2022 22:52:07 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Mon, 28 Nov 2022 22:52:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

push.services.mozilla.com/

100.20.30.105

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
100.20.30.105:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qRFKtJ2Ob5Hb613QOB7OGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XS0F/IFJdki0MCvXGTOb8GDipiU=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
417026ffcf017bb63ec97c8422595242
db286af6e87434de4a8201c7ad609903844c61d9
8f233b2cfb7372dbc20740aca75a14a438fbd608989f7aa51aab13dbad874938

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F233B2CFB7372DBC20740ACA75A14A438FBD608989F7AA51AAB13DBAD874938"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3373
Expires: Mon, 28 Nov 2022 23:49:05 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

phoosi.com/wp-content/uploads/2022/06/2-44.jpg

191.96.56.201

200 OK

6.6 kB

URL HTTP/2
phoosi.com/wp-content/uploads/2022/06/2-44.jpg
IP
191.96.56.201:0
ASN
#61317 Ipxo Uk Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 612x350, components 3\012- data
Size
6.6 kB (6551 bytes)
Hash
8e6bcc971d1d779dbcdb68c722ca72a9
a36915d3c5656427ab5f6bc113a180160016e41c
30cbfe30d1fb4ed11d8dce1d9beae05e1c904ab7ea512f4281ef270ad9bb2a6b

HTTP Headers

GET /wp-content/uploads/2022/06/2-44.jpg HTTP/1.1
Host: phoosi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 28 Nov 2023 22:52:52 GMT
content-type: image/jpeg
last-modified: Sat, 25 Jun 2022 09:36:14 GMT
accept-ranges: bytes
content-length: 6551
date: Mon, 28 Nov 2022 22:52:52 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

pl16977271.highperformancecpmgate.com/83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js

192.243.61.225

200 OK

13 kB

URL HTTP/1.1
pl16977271.highperformancecpmgate.com/83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37131), with no line terminators
Size
13 kB (13400 bytes)
Hash
a8e398dd6db96339a041e31b2dc8c4fc
8a69c8f0ae66f2d6ac58e00f091cd196c4c31d90
4fffa7d4bb401235614d1d078984def32d72adc50d542564c5c401d44c0d38be

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /83/ae/aa/83aeaa6b3377a47861dd648f772d716c.js HTTP/1.1
Host: pl16977271.highperformancecpmgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 28 Nov 2022 22:52:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a050172fa9d803afd8ef86c9ada31fc5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

c0.wp.com/c/6.1.1/wp-includes/js/comment-reply.min.js

192.0.77.37

200 OK

1.7 kB

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/js/comment-reply.min.js
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (2946)
Size
1.7 kB (1701 bytes)
Hash
a61d5ee76218981b21353bf83f7624c7
4df8502f1e93e98db466c466b3fa295a643d0d36
7a480796b9c459bacfea4951ef3d2bace7c99d442498f97430f1475e841d6066

HTTP Headers

GET /c/6.1.1/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
55703d3bfe2eb684148ed6c064f04955
7ebd83b433d0f21d992c54c5cb686fac8031a0cf
ace43109e30792780c3b526994d017abac37d7bedec0382de7b0fb3a10d62041

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 407401
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
94d394d6beaad25971b7f1e02d93b841
07359fac8e3e5c10dee86bdb0d2a468ab90d8f9a
06c4f25efd09668ee6bc8cc7b4d278841c5abb5d31c0e029cda8b43c4ee4a489

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=140137
Date: Mon, 28 Nov 2022 22:52:52 GMT
Etag: "6384b816-1d7"
Expires: Wed, 30 Nov 2022 13:48:29 GMT
Last-Modified: Mon, 28 Nov 2022 13:31:02 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jDb3QUXzbSaF2r1SHtHpAwtWWRD21vV1GglMn7RJnUvuwZkcEXv85Q==
Age: 1047

maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0

104.18.11.207

200 OK

5.4 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (23577)
Size
5.4 kB (5410 bytes)
Hash
3d4c8902bff0f20c09d0a1588ce59aca
a7694b2fd88668acdb744d12da74498e6d7bedca
cdbe6432f74adc6f8c98d0d827771b46d2b6803a4e176b3e8e5f51af34049b91

HTTP Headers

GET /font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: f4e260a1f051a51bf706bf42d8bf3299
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 5297118
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7716ad270836b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
55703d3bfe2eb684148ed6c064f04955
7ebd83b433d0f21d992c54c5cb686fac8031a0cf
ace43109e30792780c3b526994d017abac37d7bedec0382de7b0fb3a10d62041

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "ACE43109E30792780C3B526994D017ABAC37D7BEDEC0382DE7B0FB3A10D62041"
Last-Modified: Sun, 27 Nov 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Tue, 29 Nov 2022 01:11:35 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

region1.google-analytics.com/g/collect?v=2&tid=G-Y0TGQ6KH7Q&gtm=2oeb90&_p=1923557931&cid=1411466859.1669675971&ul=en-us&sr=1280x1024&_s=1&sid=1669675971&sct=1&seg=0&dl=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&dt=Cole%20%26%20Van%20Note%20Announces%20Johnson%20County%20Data%20Breach%20Investigation%20%C2%BB%20officialnd%20%E2%80%93%20OfficialND&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-Y0TGQ6KH7Q&gtm=2oeb90&_p=1923557931&cid=1411466859.1669675971&ul=en-us&sr=1280x1024&_s=1&sid=1669675971&sct=1&seg=0&dl=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&dt=Cole%20%26%20Van%20Note%20Announces%20Johnson%20County%20Data%20Breach%20Investigation%20%C2%BB%20officialnd%20%E2%80%93%20OfficialND&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-Y0TGQ6KH7Q&gtm=2oeb90&_p=1923557931&cid=1411466859.1669675971&ul=en-us&sr=1280x1024&_s=1&sid=1669675971&sct=1&seg=0&dl=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&dt=Cole%20%26%20Van%20Note%20Announces%20Johnson%20County%20Data%20Breach%20Investigation%20%C2%BB%20officialnd%20%E2%80%93%20OfficialND&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.officialnd.com
date: Mon, 28 Nov 2022 22:52:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ecf9d0f97eecb3d4bf9d89c6470ca33
c44c7b8f173243a226f6b747c73d16c7880c82f3
bcf459d144029c2f585741de7d15019a4622856bc34feeffa76615ed59db6c4e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCF459D144029C2F585741DE7D15019A4622856BC34FEEFFA76615ED59DB6C4E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17030
Expires: Tue, 29 Nov 2022 03:36:42 GMT
Date: Mon, 28 Nov 2022 22:52:52 GMT
Connection: keep-alive

fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600

142.250.74.10

200 OK

11 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,400italic,700,600
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (26984)
Size
11 kB (10611 bytes)
Hash
404e22f4c5fb17ba201dece040f140d6
cd51e214f1c8d56507a2c205bba1708e9f41d6bd
28dd026296e80cdbc9bed03c958f71575c3393426d8ea2067d926b58976abef4

HTTP Headers

GET /css?family=Open+Sans:400,400italic,700,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:52:51 GMT
date: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

pixel.wp.com/g.gif?v=ext&blog=211968167&post=37705&tz=5&srv=www.officialnd.com&j=1%3A11.5.1&host=www.officialnd.com&ref=&fcp=1931&rand=0.16967945628137548

192.0.76.3

200 OK

50 B

URL HTTP/2
pixel.wp.com/g.gif?v=ext&blog=211968167&post=37705&tz=5&srv=www.officialnd.com&j=1%3A11.5.1&host=www.officialnd.com&ref=&fcp=1931&rand=0.16967945628137548
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?v=ext&blog=211968167&post=37705&tz=5&srv=www.officialnd.com&j=1%3A11.5.1&host=www.officialnd.com&ref=&fcp=1931&rand=0.16967945628137548 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:53 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f6cfc2d928d16436d2d2ba14743e7f72
8a0b8be6b23cba807fd44351fe683d51c49256da
080b151b35f2301d20d54eb684426139a6c97bb950a0441875559c151b81d74c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=91935
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:53 GMT
Etag: "6383ffe4-117"
Expires: Wed, 30 Nov 2022 00:25:08 GMT
Last-Modified: Mon, 28 Nov 2022 00:25:08 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
5e8c2d94ac5837e396de5c60fa58e2bd
6ad5f0c7312230ca7eb2cd4d61e0a4c5565bc97e
fb8583076a68608096bb19db1931a1fd12e4863206cf2fa55599f251c3d27a6a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=159244
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:52:53 GMT
Etag: "638506d1-117"
Expires: Wed, 30 Nov 2022 19:06:57 GMT
Last-Modified: Mon, 28 Nov 2022 19:06:57 GMT
Server: nginx
Content-Length: 279

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8755
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8755
Expires: Tue, 29 Nov 2022 01:18:48 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C700&ver=6.1.1

142.250.74.10

200 OK

1.2 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C700&ver=6.1.1
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.2 kB (1187 bytes)
Hash
1340360b5af853930919056fef3f6913
eff51fab4b450a47ea1eda66ebfadb69110e5381
c5d803f9ed9dda7676a07420e4634a7691b3bb593f38e13077f085a61057dd2a

HTTP Headers

GET /css?family=Open+Sans%3A400%2C300%2C700&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:52:51 GMT
date: Mon, 28 Nov 2022 22:52:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4871 bytes)
Hash
a4058fd62595d15c58b3d3266de9865a
d0dff35eb78f129b5da407043037bcf9c27e55c0
ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9BUuT9WFwAQMnl8JiTDKo-zHgDL0AdjAAAIh0Mx405zbGwhvRouebQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 12:30:42 GMT
age: 37331
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.withinnigeria.com/entertainment/wp-content/uploads/sites/6/2022/11/ifeoluwaunusual/2022/11/28/3E158536-0C81-4132-9A09-1A480A7832D8.jpeg

104.26.15.210

200 OK

114 kB

URL HTTP/2
www.withinnigeria.com/entertainment/wp-content/uploads/sites/6/2022/11/ifeoluwaunusual/2022/11/28/3E158536-0C81-4132-9A09-1A480A7832D8.jpeg
IP
104.26.15.210:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 850x460, components 3\012- data
Size
114 kB (113575 bytes)
Hash
0996e999f0e5057ecfbb6fb4bc4ee965
43e789c9d51c26e5edff229d4f3d188ce6a6011e
9210f64eb7974cc2022e6131a21110a892f0a714eff1088bb6d9711720337a7a

HTTP Headers

GET /entertainment/wp-content/uploads/sites/6/2022/11/ifeoluwaunusual/2022/11/28/3E158536-0C81-4132-9A09-1A480A7832D8.jpeg HTTP/1.1
Host: www.withinnigeria.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:53 GMT
content-type: image/jpeg
content-length: 113575
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=122262, status=webp_bigger
access-control-allow-origin: *
etag: "63850ccf-1dd96"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 28 Nov 2022 19:32:31 GMT
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WordOps
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6MKevLFj0X9owlYyeFTHbZ3MQAVXlGOEIiWyiu7mylLoBtQZnS9AWvcgtXia6%2BoiVXiIP4fWTimARULXw98Rx3LKbOPagoL4%2B9SxNj1SecdZUK2HptaB6t5fUmc8WTy6tFQ3i5HLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7716ad313d101c06-OSL
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4862 bytes)
Hash
748366131b496e41f92e15ce7d1cd0e0
a6c7a59a6599ece2cf0e76c778c920dea94ff469
b9ea2d419742c67e2b14536379e7383524f22645b1af988d5bd72154647fc602

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faee65fe0-e370-42e3-be13-065dcb4d76e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4862
x-amzn-requestid: 17c6fb35-2dc8-45e4-a226-a74ba94323b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYlHXxIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5d0-5a0f4f667a3747166eb2b338;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XDdox2fz8xWMEWiTlHtpk_EeS6NUmzBRyWO3fTe47FfJOOvIehST1Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:08:40 GMT
age: 49453
etag: "a6c7a59a6599ece2cf0e76c778c920dea94ff469"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/style.min.css

192.0.77.37

200 OK

18 kB

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/style.min.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (47826)
Size
18 kB (17628 bytes)
Hash
aee9ae1c0757e6ee9e15c6c718d45950
d94902108164a559b28fcbbfb57da968ca03d59d
6f416d70b3d8de0e8d35b2f47dfe9dbbaee0ee7ffbf6634885b470f7d49d1b53

HTTP Headers

GET /c/6.1.1/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
3b1321c5f0e4b56276253fe7bc64c254
b2bf33a94e8d06d3dbca14821ce8a79083e54216
97ddae71f18ac3b849e6904eca94ad70896eb734bf8a43b1ed49706a26707f84

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97DDAE71F18AC3B849E6904ECA94AD70896EB734BF8A43B1ED49706A26707F84"
Last-Modified: Mon, 28 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4491
Expires: Tue, 29 Nov 2022 00:07:44 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8796 bytes)
Hash
7e44c46db2ac9917110dc47aa38fdc85
b5b245c90705ad80c31d457c0d7c96709ca31e96
5024225a583b188860eaf21f7196c06cef8b2e89389ae4b1df6e314399f3b2ae

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad01b94-5d16-49b9-bf3e-5742e02ae8b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8796
x-amzn-requestid: 2eed036c-fcda-425b-8c5d-0b0ff31214a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEEWMIAMFwKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-5cb071a2098d43d909eb8d5c;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uWzs8gOBoczTeYXB7-FfJemWbh-hYHwNcR3b9BM5VtJ55NRUzCZeTQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 09:53:45 GMT
age: 46748
etag: "b5b245c90705ad80c31d457c0d7c96709ca31e96"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5cb3e8f86da8f2a7e63b018579b5773e
e6d5b49298e968f11242152d33c12f34fab53759
d6f98e2943d76b0ea5438c702d5694853b6967f5b6b51a80461cae9dae6fec4b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D6F98E2943D76B0EA5438C702D5694853B6967F5B6B51A80461CAE9DAE6FEC4B"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4290
Expires: Tue, 29 Nov 2022 00:04:23 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7549 bytes)
Hash
415b1b1d5a29fc17b4114bb3df1d1c22
600859401c885cc2cdd1f199cccc198eb41d6a04
abfbf4ecf2423736a29686859f6a8f2b77204b48f3f60d208f6d491e80611e7f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F306bb762-e2a8-4771-9a39-086c46f94b11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7549
x-amzn-requestid: bb37235a-8c7d-47fe-abb6-6cc633560165
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP-7lHmsoAMF9lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638311e3-1f2a4abc40119f3e026dc393;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:29:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -aUqAfyrtMO0hkr2J2lm5SNNFdtaJj-F2dpBULvXjfOV205Ksm0iHw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 4250
etag: "600859401c885cc2cdd1f199cccc198eb41d6a04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f14d18e0fbcae5ddd2d6dfcdf01e7c59
e38da905debd44205ebc6abb628d381c8ec3d3d6
21c884064648ce280ecbff448fe69a9e9b25e605d408ff26a0bd1630191e4617

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21C884064648CE280ECBFF448FE69A9E9B25E605D408FF26A0BD1630191E4617"
Last-Modified: Mon, 28 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4039
Expires: Tue, 29 Nov 2022 00:00:12 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8460 bytes)
Hash
516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3MKambAjrBl64HI6hBuOtNJi3Tj6gxtwH_lOfk0WNX15UnCrAJbNig==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:48:54 GMT
age: 3839
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.the-sun.com/wp-content/uploads/sites/6/2022/11/2022-group-h-soccer-match-779014041.jpg?strip=all&quality=100&w=1920&h=1080&crop=1

143.204.55.92

200 OK

2.6 MB

URL HTTP/2
www.the-sun.com/wp-content/uploads/sites/6/2022/11/2022-group-h-soccer-match-779014041.jpg?strip=all&quality=100&w=1920&h=1080&crop=1
IP
143.204.55.92:0
ASN
#16509 AMAZON-02

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 MB (2633290 bytes)
Hash
a7e10bb70474b2fc65085377c61a2997
4e88f227f659fa02878c4265e6aae15ef89a2cc8
776479779ba63bf83760e363308c2aff0a615ffe0c8ffb747e4402efeca3af06

HTTP Headers

GET /wp-content/uploads/sites/6/2022/11/2022-group-h-soccer-match-779014041.jpg?strip=all&quality=100&w=1920&h=1080&crop=1 HTTP/1.1
Host: www.the-sun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/webp
content-length: 2633290
server: nginx
date: Mon, 28 Nov 2022 22:52:53 GMT
last-modified: Mon, 28 Nov 2022 19:59:57 GMT
expires: Tue, 28 Nov 2023 19:59:57 GMT
etag: "ad535aa754662a70"
strict-transport-security: max-age=31536000
cache-control: max-age=2592000
x-rq: lhr2 109 200 443
accept-ranges: bytes
set-cookie: nuk_customer_country_code=NO; Path=/; Secure; SameSite=None
nuk_customer_region_code=03; Path=/; Secure; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ys1-isPwC-eseFJfTTJZCvFYtSXtnoqnFVzJ0I0klFZGtip4ulARuQ==
X-Firefox-Spdy: h2

www.newpakweb.com/wp-content/uploads/2022/11/images-31.jpeg

172.67.74.52

200 OK

25 kB

URL HTTP/2
www.newpakweb.com/wp-content/uploads/2022/11/images-31.jpeg
IP
172.67.74.52:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 512x288, components 3\012- data
Size
25 kB (25437 bytes)
Hash
3d1473105c25356e422a1b2e7f7026fb
789488450341eaf3090352a4794ae01e1dd1b0b4
6ac0a5066069bd2314aa1d1e95d3605a2b63ba60d883fd75d1e0ad444f8c6b1f

HTTP Headers

GET /wp-content/uploads/2022/11/images-31.jpeg HTTP/1.1
Host: www.newpakweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:53 GMT
content-type: image/jpeg
content-length: 25437
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=26167, status=webp_bigger
etag: "6384e182-6637"
last-modified: Mon, 28 Nov 2022 16:27:46 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDUo6wBXTm0CLVx5E81HkkDiDoQfoNSloET6rO%2Fa84%2FcHcXqno9aJpbqF5Gy8Y8FHWXx4DFWd%2FPaB51M77Y9Qt34tGwUNoHaI8J2eNm7RUhNBUQ6FCJRSl%2BdheXTgq2EJZCF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad316a18b4ed-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8a8b4f8e30f5a5b06dad47294c569e8
ad85deb8880913bac87caaa90f68bd72e847f5ae
d3e70b7f28dfd3bf61205ab67a77b8ab61ceb27d0654c4f9c81e80ab5f12045a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3E70B7F28DFD3BF61205AB67A77B8AB61CEB27D0654C4F9C81E80AB5F12045A"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12485
Expires: Tue, 29 Nov 2022 02:20:58 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

hydnews.in/wp-content/uploads/2022/11/Lions-Expected-to-Get-Key-Offensive-Defensive-Starters-Back-Week.jpg

104.21.77.222

200 OK

53 kB

URL HTTP/2
hydnews.in/wp-content/uploads/2022/11/Lions-Expected-to-Get-Key-Offensive-Defensive-Starters-Back-Week.jpg
IP
104.21.77.222:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 780x438, components 3\012- data
Size
53 kB (53212 bytes)
Hash
290319b1ee896bc4f4cc5c9db991cc1f
21486b80225a899ec57971be3e9406a719fdab65
66e513573dc3ec3f702d4acb5fd3ede36ea3020c4e9234cca0eb54e14bedd411

HTTP Headers

GET /wp-content/uploads/2022/11/Lions-Expected-to-Get-Key-Offensive-Defensive-Starters-Back-Week.jpg HTTP/1.1
Host: hydnews.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:53 GMT
content-type: image/jpeg
content-length: 53212
cache-control: public, max-age=10368000
expires: Tue, 28 Mar 2023 22:52:53 GMT
last-modified: Mon, 28 Nov 2022 19:53:29 GMT
vary: User-Agent,Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfHtEZTLU76bb4ripXGSiFbBaBMjaa88T6zH0yMd3VtQJp5SFE%2FwMSt%2BJAYYTFhZiTOJl%2BRqXpdugtxmpEeGLUNvVTLmBgjFatt6etoltYkn%2BnxxLBiQCKk0SkJ2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7716ad31c9d8b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
3b1321c5f0e4b56276253fe7bc64c254
b2bf33a94e8d06d3dbca14821ce8a79083e54216
97ddae71f18ac3b849e6904eca94ad70896eb734bf8a43b1ed49706a26707f84

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97DDAE71F18AC3B849E6904ECA94AD70896EB734BF8A43B1ED49706A26707F84"
Last-Modified: Mon, 28 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4491
Expires: Tue, 29 Nov 2022 00:07:44 GMT
Date: Mon, 28 Nov 2022 22:52:53 GMT
Connection: keep-alive

tallysaturatesnare.com/watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1

192.243.59.13

307 Temporary Redirect

0 B

URL HTTP/1.1
tallysaturatesnare.com/watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Location: https://tallysaturatesnare.com/watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1&shu=c6bc41276d6d7aa24fd6c7a29fdb6c32d1f1aecd3933f96e3deead93998a525512410b8d561dcf3cb5b1cfcaeff82a3635e681fb557b5d3f87a3af5c10d120bff2fc0b54df6192450700dc539fd37eea51a37575&pst=1669676033&rmtc=t
Set-Cookie: u_pl=16876768; expires=Tue, 29 Nov 2022 22:52:53 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjg3Njc2OCwiayI6ImJkOTg2NzZjYWRlYjYzZTRkMTk3NWJlOThmNDMxYTZhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzQ2MjIyLCJwaWQiOjM1NzkyMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJoZWRpNWMyNzMiLCJjcGtzIjp7ICIyOCI6ImZlM2IzMjkwZjA5MThiNzI4ZDAwZGYzYTY4MWRjNjY1In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5vZmZpY2lhbG5kLmNvbS9jb2xlLXZhbi1ub3RlLWFubm91bmNlcy1qb2huc29uLWNvdW50eS1kYXRhLWJyZWFjaC1pbnZlc3RpZ2F0aW9uLW9mZmljaWFsbmQvP2ZlZWRfaWQ9NDI3NDBcdTAwMjZfdW5pcXVlX2lkPTYzODUxMzY0NjBjMWYifX0.OdgTco6DrZUOmB3hMWeTjAWwOJW9ZDEfTpVcjJgOjj8; expires=Mon, 28 Nov 2022 22:53:53 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f29cda41ecdf80dee259e06c772e157
Strict-Transport-Security: max-age=0; includeSubdomains

wastedinvaluable.com/sbar.json?key=83aeaa6b3377a47861dd648f772d716c&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1

192.243.59.13

200 OK

4.1 kB

URL HTTP/1.1
wastedinvaluable.com/sbar.json?key=83aeaa6b3377a47861dd648f772d716c&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (5880), with no line terminators
Size
4.1 kB (4082 bytes)
Hash
85f9b2bf1d49cd6d2ac06c20ff6a8e7c
93a6fc0315c31897bfe091b08f4cc359a956ee50
5624c4f2f54b8e28a3e6f26f746e64af2a500e2238c08f09e7a86d738e10c128

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=83aeaa6b3377a47861dd648f772d716c&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16876772; expires=Tue, 29 Nov 2022 22:52:53 GMT; secure; SameSite=None
uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; expires=Mon, 05 Dec 2022 22:52:53 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
uncs=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
slec83aeaa6b3377a47861dd648f772d716c=[3760946]; expires=Mon, 28 Nov 2022 22:52:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6bda2ed5febc4c7f93d87cbaa9aafa4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

192.243.59.13

200 OK

2.0 kB

URL HTTP/1.1
tallysaturatesnare.com/watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1&shu=c6bc41276d6d7aa24fd6c7a29fdb6c32d1f1aecd3933f96e3deead93998a525512410b8d561dcf3cb5b1cfcaeff82a3635e681fb557b5d3f87a3af5c10d120bff2fc0b54df6192450700dc539fd37eea51a37575&pst=1669676033&rmtc=t
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (2518)
Size
2.0 kB (2037 bytes)
Hash
2aaf1ce45f3f3c95e34370ac35f4323f
b9801332c3c580108c53b97a4d0970ba450080a2
5cbc28dfd7ce12d4f32ed6e7891f803f7e4f2c68f0e6c2e6460cfdf833801038

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1502918346394.js?key=bd98676cadeb63e4d1975be98f431a6a&kw=%5B%22cole%22%2C%22van%22%2C%22note%22%2C%22announces%22%2C%22johnson%22%2C%22county%22%2C%22data%22%2C%22breach%22%2C%22investigation%22%2C%22%C2%BB%22%2C%22officialnd%22%2C%22%E2%80%93%22%2C%22officialnd%22%5D&refer=https%3A%2F%2Fwww.officialnd.com%2Fcole-van-note-announces-johnson-county-data-breach-investigation-officialnd%2F%3Ffeed_id%3D42740%26_unique_id%3D6385136460c1f&tz=0&dev=e&res=12.1055&uuid=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1&shu=c6bc41276d6d7aa24fd6c7a29fdb6c32d1f1aecd3933f96e3deead93998a525512410b8d561dcf3cb5b1cfcaeff82a3635e681fb557b5d3f87a3af5c10d120bff2fc0b54df6192450700dc539fd37eea51a37575&pst=1669676033&rmtc=t HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Referer: https://www.officialnd.com/
Connection: keep-alive
Cookie: u_pl=16876768; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjg3Njc2OCwiayI6ImJkOTg2NzZjYWRlYjYzZTRkMTk3NWJlOThmNDMxYTZhIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNzQ2MjIyLCJwaWQiOjM1NzkyMSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJoZWRpNWMyNzMiLCJjcGtzIjp7ICIyOCI6ImZlM2IzMjkwZjA5MThiNzI4ZDAwZGYzYTY4MWRjNjY1In0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3d3dy5vZmZpY2lhbG5kLmNvbS9jb2xlLXZhbi1ub3RlLWFubm91bmNlcy1qb2huc29uLWNvdW50eS1kYXRhLWJyZWFjaC1pbnZlc3RpZ2F0aW9uLW9mZmljaWFsbmQvP2ZlZWRfaWQ9NDI3NDBcdTAwMjZfdW5pcXVlX2lkPTYzODUxMzY0NjBjMWYifX0.OdgTco6DrZUOmB3hMWeTjAWwOJW9ZDEfTpVcjJgOjj8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.officialnd.com
Access-Control-Allow-Origin: https://www.officialnd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; expires=Mon, 05 Dec 2022 22:52:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
uncs=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 29 Nov 2022 22:52:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cf08590726e4eeae115d5817927a7e22
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5f6691yq7uaqu7p3cXDYlRyENzgxWPvN7tZ1BCSu6LMBkEGhIwH2YN78uJBFII5y8wOLD6oeq%2Fq%2Bw7v%2B977bKs8ID5Kun%2F5gllXWtOFdtNvnLyuMmEq17h4rRH4Tf9U47rKOq1TjdXJZftvBn676b%2FeeFfyFbMQ%2BoHvB37QOKusTMzqwhSFyu%2F0gmbPb7bCZtBuYdX%2B%2F%2B1KD456EP0DcgJKjI8v%2F3wfig%2BRpffOSLdSmPyNd9JS08JY9MXu%2B9lKZqoM6VGZWA9Jtjtjw7gxIV8dg8l2Zwpg%2BtsTBWBqTLzfArBsd9YmWH%2FnsFOmITMw8TSq%2FhBSD6HoENzcgBIPCcAFLl5Clt6%2BaGxF1w5ROkHHZO7xI6hqTOZ%2BfxZZeve0VquNq0aXhTKZw2pSQ60OoZaGyMs9FOseVLUHXnwMJX4hC4%2FPI0u3LzltoMT%2Bq4J24o7gbL4dJdF8i3XofLcdh%2FMhC6NuROMwjjtTi5QaQiVDaLkJ6jyUk6M8lImHMveQiv0GbfcS348TlkRRt8U5jyLO292OaIuo1U18lHyiYRNFvgmuN8HtBnK7gRV162H7BGz5I9xyDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpHaBe6%2BrbQrmTBLIezHNUDUyxt0R1TLMmMbOUH5JmJd573yR9YkfuNbkQlpR0WRXFMW3G3EwjRaXWTOA5FHHQ4nKqh3LGp0nU1Ji%2FsNJGrMTnefwWM7sHpPXD1Imj5Emg1iEMfdHnQ6vpYz%2B5msnJUU1u4JjcphKmRF3Mo1rwtfUCen06xx0NIPlp8NPzig5P%2F7oHbGrmt8aF6QLCkbw6umIpsXzGVI%2Fcv5YVK1TqdTPhqQQs59817cq0yVpw74za%2FfotPgEl555p0xXmaCZUtOfLtaSWEtGeN5ZJ8f85dl%2Bxy6ZZPlzYr8%2FOX3z57Ls2tdE6ZbAiqHsZfgqsxeerCxnR3X%2F78AZQdwpY10nJEZgFl9sDzDbh8tPj3R3%2FdWrb34AyB1UcclnuoynpgQ3b0qdWYhI%2Beg5ajxe%2FuPBm89ucaKKvh5JENTI5%2B%2BOeQv%2BVuYsl6oMUNZGmNvq3R1zWo3oQrnxgUuR0t%2FhpNA0x7A6att8201bcO7XVqvyHbiZ9IP5Qs6bEkpr7oJa0eo71AxqxNAxRuzD899dN%2FAAAA%2F%2F8BAAD%2F%2F86u29iXBAAA

192.243.59.13

200 OK

7 B

URL HTTP/1.1
wastedinvaluable.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5f6691yq7uaqu7p3cXDYlRyENzgxWPvN7tZ1BCSu6LMBkEGhIwH2YN78uJBFII5y8wOLD6oeq%2Fq%2Bw7v%2B977bKs8ID5Kun%2F5gllXWtOFdtNvnLyuMmEq17h4rRH4Tf9U47rKOq1TjdXJZftvBn676b%2FeeFfyFbMQ%2BoHvB37QOKusTMzqwhSFyu%2F0gmbPb7bCZtBuYdX%2B%2F%2B1KD456EP0DcgJKjI8v%2F3wfig%2BRpffOSLdSmPyNd9JS08JY9MXu%2B9lKZqoM6VGZWA9Jtjtjw7gxIV8dg8l2Zwpg%2BtsTBWBqTLzfArBsd9YmWH%2FnsFOmITMw8TSq%2FhBSD6HoENzcgBIPCcAFLl5Clt6%2BaGxF1w5ROkHHZO7xI6hqTOZ%2BfxZZeve0VquNq0aXhTKZw2pSQ60OoZaGyMs9FOseVLUHXnwMJX4hC4%2FPI0u3LzltoMT%2Bq4J24o7gbL4dJdF8i3XofLcdh%2FMhC6NuROMwjjtTi5QaQiVDaLkJ6jyUk6M8lImHMveQiv0GbfcS348TlkRRt8U5jyLO292OaIuo1U18lHyiYRNFvgmuN8HtBnK7gRV162H7BGz5I9xyDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpHaBe6%2BrbQrmTBLIezHNUDUyxt0R1TLMmMbOUH5JmJd573yR9YkfuNbkQlpR0WRXFMW3G3EwjRaXWTOA5FHHQ4nKqh3LGp0nU1Ji%2FsNJGrMTnefwWM7sHpPXD1Imj5Emg1iEMfdHnQ6vpYz%2B5msnJUU1u4JjcphKmRF3Mo1rwtfUCen06xx0NIPlp8NPzig5P%2F7oHbGrmt8aF6QLCkbw6umIpsXzGVI%2Fcv5YVK1TqdTPhqQQs59817cq0yVpw74za%2FfotPgEl555p0xXmaCZUtOfLtaSWEtGeN5ZJ8f85dl%2Bxy6ZZPlzYr8%2FOX3z57Ls2tdE6ZbAiqHsZfgqsxeerCxnR3X%2F78AZQdwpY10nJEZgFl9sDzDbh8tPj3R3%2FdWrb34AyB1UcclnuoynpgQ3b0qdWYhI%2Beg5ajxe%2FuPBm89ucaKKvh5JENTI5%2B%2BOeQv%2BVuYsl6oMUNZGmNvq3R1zWo3oQrnxgUuR0t%2FhpNA0x7A6att8201bcO7XVqvyHbiZ9IP5Qs6bEkpr7oJa0eo71AxqxNAxRuzD899dN%2FAAAA%2F%2F8BAAD%2F%2F86u29iXBAAA
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5f6691yq7uaqu7p3cXDYlRyENzgxWPvN7tZ1BCSu6LMBkEGhIwH2YN78uJBFII5y8wOLD6oeq%2Fq%2Bw7v%2B977bKs8ID5Kun%2F5gllXWtOFdtNvnLyuMmEq17h4rRH4Tf9U47rKOq1TjdXJZftvBn676b%2FeeFfyFbMQ%2BoHvB37QOKusTMzqwhSFyu%2F0gmbPb7bCZtBuYdX%2B%2F%2B1KD456EP0DcgJKjI8v%2F3wfig%2BRpffOSLdSmPyNd9JS08JY9MXu%2B9lKZqoM6VGZWA9Jtjtjw7gxIV8dg8l2Zwpg%2BtsTBWBqTLzfArBsd9YmWH%2FnsFOmITMw8TSq%2FhBSD6HoENzcgBIPCcAFLl5Clt6%2BaGxF1w5ROkHHZO7xI6hqTOZ%2BfxZZeve0VquNq0aXhTKZw2pSQ60OoZaGyMs9FOseVLUHXnwMJX4hC4%2FPI0u3LzltoMT%2Bq4J24o7gbL4dJdF8i3XofLcdh%2FMhC6NuROMwjjtTi5QaQiVDaLkJ6jyUk6M8lImHMveQiv0GbfcS348TlkRRt8U5jyLO292OaIuo1U18lHyiYRNFvgmuN8HtBnK7gRV162H7BGz5I9xyDSc8uIKgL2pUkqByBBUlqBRBVRBU%2FXpHaBe6%2BrbQrmTBLIezHNUDUyxt0R1TLMmMbOUH5JmJd573yR9YkfuNbkQlpR0WRXFMW3G3EwjRaXWTOA5FHHQ4nKqh3LGp0nU1Ji%2FsNJGrMTnefwWM7sHpPXD1Imj5Emg1iEMfdHnQ6vpYz%2B5msnJUU1u4JjcphKmRF3Mo1rwtfUCen06xx0NIPlp8NPzig5P%2F7oHbGrmt8aF6QLCkbw6umIpsXzGVI%2Fcv5YVK1TqdTPhqQQs59817cq0yVpw74za%2FfotPgEl555p0xXmaCZUtOfLtaSWEtGeN5ZJ8f85dl%2Bxy6ZZPlzYr8%2FOX3z57Ls2tdE6ZbAiqHsZfgqsxeerCxnR3X%2F78AZQdwpY10nJEZgFl9sDzDbh8tPj3R3%2FdWrb34AyB1UcclnuoynpgQ3b0qdWYhI%2Beg5ajxe%2FuPBm89ucaKKvh5JENTI5%2B%2BOeQv%2BVuYsl6oMUNZGmNvq3R1zWo3oQrnxgUuR0t%2FhpNA0x7A6att8201bcO7XVqvyHbiZ9IP5Qs6bEkpr7oJa0eo71AxqxNAxRuzD899dN%2FAAAA%2F%2F8BAAD%2F%2F86u29iXBAAA HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ddc49fbaea6f4f56969242191a60ac0
Strict-Transport-Security: max-age=0; includeSubdomains

tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js

192.243.59.13

200 OK

29 kB

URL HTTP/1.1
tallysaturatesnare.com/fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28770 bytes)
Hash
541720d2daa10cf9b51ee4e5de71bb69
b6b9a1695e59bce9e0abaaac9d2f6cac7d9b832d
e615dfc488e2219d5565ace862baf4b76cc81495b03168a3f81ad2bbeac7ba5d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /fe/3b/32/fe3b3290f0918b728d00df3a681dc665.js HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 84c9658079f5ded2c8f8da3176cbad53
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d02308d366e622aa26e632ea017600cc
c16673d53c20ac70efbda483ca12b4374a76105c
ad8ccb9b049120b7e44a79dcbc9caab326567933cfce70608bc812237319a0ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD8CCB9B049120B7E44A79DCBC9CAAB326567933CFCE70608BC812237319A0EC"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13102
Expires: Tue, 29 Nov 2022 02:31:16 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c7afa63a2e765a5889feedb036228204
546d048429118d6ff49049b948a6d39c3706b4e1
ce33ebbd5115ffaac9721eacc50f458d369b30dbc875379c5602fe846d078207

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE33EBBD5115FFAAC9721EACC50F458D369B30DBC875379C5602FE846D078207"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4693
Expires: Tue, 29 Nov 2022 00:11:07 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

cdn.cloudimagesb.com/bi/21/36/8c/21368cfd3bd87429f35209612ffb15ef/1668177353.gif

45.133.44.10

200 OK

156 kB

URL HTTP/2
cdn.cloudimagesb.com/bi/21/36/8c/21368cfd3bd87429f35209612ffb15ef/1668177353.gif
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
GIF image data, version 89a, 300 x 250\012- data
Size
156 kB (156304 bytes)
Hash
d699eae0d8e7df3c924ffc8f52b04e9e
10607ae43cb8975304e65d5eb45dcebdfc505836
b6ec5d7c75f1abe4005e7c1e66a1345a97e44c5a14d2662e9594acc53e3f9e4c

HTTP Headers

GET /bi/21/36/8c/21368cfd3bd87429f35209612ffb15ef/1668177353.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: image/gif
content-length: 156304
server: nginx/1.17.6
last-modified: Fri, 11 Nov 2022 14:36:01 GMT
etag: "636e5dd1-26290"
expires: Wed, 30 Nov 2022 22:52:54 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
3c6c713a6e569b6be734df3c5442f6d4
43dcd58bac78d858d9803004bb155b3828b96768
dd4366f4e239f7d5d0f9cc61a611dd994ac8b25ec0faa273f2c85c19b41dfa87

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DD4366F4E239F7D5D0F9CC61A611DD994AC8B25EC0FAA273F2C85C19B41DFA87"
Last-Modified: Mon, 28 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Tue, 29 Nov 2022 01:05:22 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

www.officialnd.com/favicon.ico

66.29.146.22

404 Not Found

1.2 kB

URL HTTP/2
www.officialnd.com/favicon.ico
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
Cookie: _ga_Y0TGQ6KH7Q=GS1.1.1669675971.1.0.1669675971.0.0.0; _ga=GA1.1.1411466859.1669675971; dom3ic8zudi28v8lr6fgphwffqoz0j6c=da676dcb-53f3-4b6a-8572-2b2383a72776%3A1%3A1; sb_main_83aeaa6b3377a47861dd648f772d716c=1; sb_count_83aeaa6b3377a47861dd648f772d716c=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=wastedinvaluable.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Mon, 28 Nov 2022 22:52:54 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=413

192.243.59.13

200 OK

0 B

URL HTTP/1.1
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=413
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Findex.html&l=3323&fd=413 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
627775c3a804fa2b204735ad46d1de68
71155acfaa5212049108b355b07665432467cc1a
937e883cae16f19760094e80022ae925e2723678dfde030638ebd64e72523820

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "937E883CAE16F19760094E80022AE925E2723678DFDE030638EBD64E72523820"
Last-Modified: Sun, 27 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11135
Expires: Tue, 29 Nov 2022 01:58:29 GMT
Date: Mon, 28 Nov 2022 22:52:54 GMT
Connection: keep-alive

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png

172.64.109.13

200 OK

9.4 kB

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 240 x 240, 8-bit colormap, non-interlaced\012- data
Size
9.4 kB (9360 bytes)
Hash
910542c04f8bf2f90ee33d17d538a006
18d5943e5d51539038f7988c34bccef2937c5545
5969cb3c5c4f573f5c05035ddf9748ee17d5c71df6fca4e484f65d30e2694e57

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/flash-logo.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: image/png
content-length: 9360
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: "612f708f-2490"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHj1LZ5Wzb4s%2BqeT2ZKxXhdpeUd7b%2Bf5E1TIVD8dRKOiEpLk%2BUU%2FkAMaX%2FR1q2mcUhgTI6ysPq9WrECG1O5dsNcLfET7DqMFGJPvunYkoDM6OtviTAP6iuxw52jwGaLkKf2NBUEbO%2F7%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd247737-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js

172.64.109.13

200 OK

31 kB

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32025), with CRLF line terminators
Size
31 kB (31006 bytes)
Hash
43699024b9d409a0e5b1bf8f521f0642
92fbb1a5522d50c9d58fb051e6d0c0a5c2f82348
33ca494d91c9a984cf2d8dd0d9daec822933233ecb9a244a65836c9f82a9b91f

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:37 GMT
etag: W/"612f708d-149a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlaB9XairJ5JXwME%2FECWjnxDlV9aUTWynGAJ0ekLIaNdGjjMD8DMdhBOwNhXNZweQvSgh3JhYjUqxS9YoLu%2FmOXy75vnPJq02Pm0Qo1uY36V%2F3lSBmf4%2BQNtssKUCcY0YmDK%2BkZdbCbd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd267737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

lightssyrupdecree.com/pixel/purst?dl=0&th=0&sc=0&rs=3727&rd=3727&fd=1058&bv=22.10.v.10&tmpl=136

173.233.137.44

200 OK

0 B

URL HTTP/1.1
lightssyrupdecree.com/pixel/purst?dl=0&th=0&sc=0&rs=3727&rd=3727&fd=1058&bv=22.10.v.10&tmpl=136
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3727&rd=3727&fd=1058&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: lightssyrupdecree.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 28 Nov 2022 22:52:54 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=322

192.243.59.13

200 OK

0 B

URL HTTP/1.1
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=322
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fanimate.css&l=79249&fd=322 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=325

192.243.59.13

200 OK

0 B

URL HTTP/1.1
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=325
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fcss%2Fstyle.css&l=4522&fd=325 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=379

192.243.59.13

200 OK

0 B

URL HTTP/1.1
wastedinvaluable.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=379
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2FflashPlayer%2Fmac%2Fmulti%2F1%2Fjs%2Fscript.js&l=23003&fd=379 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c1e0e890fa0d9f79c9d31d7e51050c45
7c8320ddaac9a281a8e991a370e7f04f56b52667
952ea85225c5754b61c1b640ca341fadec09162769ff53870d86ac578839feea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952EA85225C5754B61C1B640CA341FADEC09162769FF53870D86AC578839FEEA"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1042
Expires: Mon, 28 Nov 2022 23:10:17 GMT
Date: Mon, 28 Nov 2022 22:52:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c1e0e890fa0d9f79c9d31d7e51050c45
7c8320ddaac9a281a8e991a370e7f04f56b52667
952ea85225c5754b61c1b640ca341fadec09162769ff53870d86ac578839feea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "952EA85225C5754B61C1B640CA341FADEC09162769FF53870D86AC578839FEEA"
Last-Modified: Sun, 27 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1042
Expires: Mon, 28 Nov 2022 23:10:17 GMT
Date: Mon, 28 Nov 2022 22:52:55 GMT
Connection: keep-alive

unseenreport.com/pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=fe3b3290f0918b728d00df3a681dc665&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22

192.243.59.12

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=fe3b3290f0918b728d00df3a681dc665&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=fe3b3290f0918b728d00df3a681dc665&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68dee5253fd5aa68fb69472c3822ba28
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=83aeaa6b3377a47861dd648f772d716c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22

192.243.59.12

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=83aeaa6b3377a47861dd648f772d716c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=da676dcb-53f3-4b6a-8572-2b2383a72776&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=83aeaa6b3377a47861dd648f772d716c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e4b1f12dee53ef40c36d177d92127c8
Strict-Transport-Security: max-age=0; includeSubdomains

wastedinvaluable.com/pixel/sbs?c=1

192.243.59.13

200 OK

0 B

URL HTTP/1.1
wastedinvaluable.com/pixel/sbs?c=1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5fqqurZcqu7mqru6dnFw2JUchCc4MVj7ze7WdQQkruizARBBoSMB9mDe%2FLiQRSCOcvMDiw%2BqHqv6vsO7%2Fve%2B2y7OCAuCrp%2F%2BYLelErRlWbdrZ28LlOuS1u7eK3muXX3VO26TFuNU7X%2B7DK9Nz23WXdfr70r2Lpe8V3PdT3Xq52VRsS6vzJHIbM7Ha%2FecesNv%2B41G%2Bib%2F79t4cBSB7x3QE5A8unxtZ%2FvQ7IR0uTeGWHXc5298U5SKJprgx7fez9dT3WZIjkqY%2BMgTvcWbGg7JeSrY9Dp3kIBdG9npgCRnBLnNw9RurdoE1Fv97DTSEGkiPjTKHsjCDWCpCMwfQOSPyQA47h4CWly%2B6I2Jd04ROkMnZKlx48gyylZ%2Bv1ZpMnd00r2a1e1KnKpU4t%2BXEH2R5DdEbJijHzTgSzHYPnHkPwXsvL4PNJk55JVGpLvv8ppK2xxFi03gzhYbkQtutxuhv6yH%2FlBO6ChH4atuUVSjiDjEZQYgFoHxexIB0XsoMgcJHy%2FRpud2HXDOIqDoN1gjAUBY812izd50GjHLgo20zBAng3A1ADMbCEzW1iXtx42T8AUP8KuVbDcgc0JerxCKQhKS1BSglISlDlB2at2ubK%2BrW5zZYvIW2R%2FkYNqqPPuNt3VeVekZDs7IM%2FMvHOcT%2F7AutivtQMqKG1FQRCGtBG2Wx7nrUY7DkOfh16LwcoK0h6bK92UU%2FLCbh2ZnJLjvVcQ0TGsGoPJF0GLl0DLYei7oGvDRtvFZno3FaWliprc1plOwHWFLF9CvuFsqwPy%2FHyKHeZDsMnqo9EXH5z8dwxmKmSmwofyAUFX3Rxe0SXZuaJLS%2B5fynKZyE06m%2FDVnOZi6Zv3xEapDT93xg6%2BfovNgFl555qw%2BXmacpl2Lfn2tORcmLPaMEG%2BP2evi%2BhyYddOFyYtsvOX3z57LsmMsFbqdAQqH4ZfgskpeerC1nx3X%2F78AaQZwRQVkmJCFgGpx2DZFmw2Wf37o79urZl7sJrAqCNOlDkoi2po%2FOjoU8kp8R89ByUmq9%2FdedJ77c8N0KiCFUc2RGLywz%2BH%2FG17E13jgOY3kCYVeqZCT1WgagBbPDHMMzNZ%2FTWYByLlDCNlnJ1IGXXr0F4r92tNryHaUTtknEeCcS%2BcbbXr%2Bpw3wo7wOsjtlH166qf%2FAAAA%2F%2F8BAAD%2F%2F9qmVT6XBAAA

192.243.59.13

200 OK

7 B

URL HTTP/1.1
wastedinvaluable.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5fqqurZcqu7mqru6dnFw2JUchCc4MVj7ze7WdQQkruizARBBoSMB9mDe%2FLiQRSCOcvMDiw%2BqHqv6vsO7%2Fve%2B2y7OCAuCrp%2F%2BYLelErRlWbdrZ28LlOuS1u7eK3muXX3VO26TFuNU7X%2B7DK9Nz23WXdfr70r2Lpe8V3PdT3Xq52VRsS6vzJHIbM7Ha%2FecesNv%2B41G%2Bib%2F79t4cBSB7x3QE5A8unxtZ%2FvQ7IR0uTeGWHXc5298U5SKJprgx7fez9dT3WZIjkqY%2BMgTvcWbGg7JeSrY9Dp3kIBdG9npgCRnBLnNw9RurdoE1Fv97DTSEGkiPjTKHsjCDWCpCMwfQOSPyQA47h4CWly%2B6I2Jd04ROkMnZKlx48gyylZ%2Bv1ZpMnd00r2a1e1KnKpU4t%2BXEH2R5DdEbJijHzTgSzHYPnHkPwXsvL4PNJk55JVGpLvv8ppK2xxFi03gzhYbkQtutxuhv6yH%2FlBO6ChH4atuUVSjiDjEZQYgFoHxexIB0XsoMgcJHy%2FRpud2HXDOIqDoN1gjAUBY812izd50GjHLgo20zBAng3A1ADMbCEzW1iXtx42T8AUP8KuVbDcgc0JerxCKQhKS1BSglISlDlB2at2ubK%2BrW5zZYvIW2R%2FkYNqqPPuNt3VeVekZDs7IM%2FMvHOcT%2F7AutivtQMqKG1FQRCGtBG2Wx7nrUY7DkOfh16LwcoK0h6bK92UU%2FLCbh2ZnJLjvVcQ0TGsGoPJF0GLl0DLYei7oGvDRtvFZno3FaWliprc1plOwHWFLF9CvuFsqwPy%2FHyKHeZDsMnqo9EXH5z8dwxmKmSmwofyAUFX3Rxe0SXZuaJLS%2B5fynKZyE06m%2FDVnOZi6Zv3xEapDT93xg6%2BfovNgFl555qw%2BXmacpl2Lfn2tORcmLPaMEG%2BP2evi%2BhyYddOFyYtsvOX3z57LsmMsFbqdAQqH4ZfgskpeerC1nx3X%2F78AaQZwRQVkmJCFgGpx2DZFmw2Wf37o79urZl7sJrAqCNOlDkoi2po%2FOjoU8kp8R89ByUmq9%2FdedJ77c8N0KiCFUc2RGLywz%2BH%2FG17E13jgOY3kCYVeqZCT1WgagBbPDHMMzNZ%2FTWYByLlDCNlnJ1IGXXr0F4r92tNryHaUTtknEeCcS%2BcbbXr%2Bpw3wo7wOsjtlH166qf%2FAAAA%2F%2F8BAAD%2F%2F9qmVT6XBAAA
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTYgcRRSujhsQPRkEUVRGEIngzvbPzPSMOSzGGAnmjySSi5fqqurZcqu7mqru6dnFw2JUchCc4MVj7ze7WdQQkruizARBBoSMB9mDe%2FLiQRSCOcvMDiw%2BqHqv6vsO7%2Fve%2B2y7OCAuCrp%2F%2BYLelErRlWbdrZ28LlOuS1u7eK3muXX3VO26TFuNU7X%2B7DK9Nz23WXdfr70r2Lpe8V3PdT3Xq52VRsS6vzJHIbM7Ha%2FecesNv%2B41G%2Bib%2F79t4cBSB7x3QE5A8unxtZ%2FvQ7IR0uTeGWHXc5298U5SKJprgx7fez9dT3WZIjkqY%2BMgTvcWbGg7JeSrY9Dp3kIBdG9npgCRnBLnNw9RurdoE1Fv97DTSEGkiPjTKHsjCDWCpCMwfQOSPyQA47h4CWly%2B6I2Jd04ROkMnZKlx48gyylZ%2Bv1ZpMnd00r2a1e1KnKpU4t%2BXEH2R5DdEbJijHzTgSzHYPnHkPwXsvL4PNJk55JVGpLvv8ppK2xxFi03gzhYbkQtutxuhv6yH%2FlBO6ChH4atuUVSjiDjEZQYgFoHxexIB0XsoMgcJHy%2FRpud2HXDOIqDoN1gjAUBY812izd50GjHLgo20zBAng3A1ADMbCEzW1iXtx42T8AUP8KuVbDcgc0JerxCKQhKS1BSglISlDlB2at2ubK%2BrW5zZYvIW2R%2FkYNqqPPuNt3VeVekZDs7IM%2FMvHOcT%2F7AutivtQMqKG1FQRCGtBG2Wx7nrUY7DkOfh16LwcoK0h6bK92UU%2FLCbh2ZnJLjvVcQ0TGsGoPJF0GLl0DLYei7oGvDRtvFZno3FaWliprc1plOwHWFLF9CvuFsqwPy%2FHyKHeZDsMnqo9EXH5z8dwxmKmSmwofyAUFX3Rxe0SXZuaJLS%2B5fynKZyE06m%2FDVnOZi6Zv3xEapDT93xg6%2BfovNgFl555qw%2BXmacpl2Lfn2tORcmLPaMEG%2BP2evi%2BhyYddOFyYtsvOX3z57LsmMsFbqdAQqH4ZfgskpeerC1nx3X%2F78AaQZwRQVkmJCFgGpx2DZFmw2Wf37o79urZl7sJrAqCNOlDkoi2po%2FOjoU8kp8R89ByUmq9%2FdedJ77c8N0KiCFUc2RGLywz%2BH%2FG17E13jgOY3kCYVeqZCT1WgagBbPDHMMzNZ%2FTWYByLlDCNlnJ1IGXXr0F4r92tNryHaUTtknEeCcS%2BcbbXr%2Bpw3wo7wOsjtlH166qf%2FAAAA%2F%2F8BAAD%2F%2F9qmVT6XBAAA HTTP/1.1
Host: wastedinvaluable.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Cookie: u_pl=16876772; uid_id2=da676dcb-53f3-4b6a-8572-2b2383a72776:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec83aeaa6b3377a47861dd648f772d716c=[3760946]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 22:52:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c988ee1be530fa1c847650d9fdd4195c
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Sep 2021 12:22:39 GMT
etag: W/"612f708f-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1155524
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiYGbs8fbtCVZRCihmJ3%2FQ1uUPIS182X0hRWPzJo4g5RPO43K6MHVTKMFGDYVsOoWmSo218hh554ym%2BIIhgaees3IGHZIJ606TijBgJGYGJcwhGBIZ4iobnhGKQOwwEQ7PqOu1YK3dUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad39bd1c7737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-11aa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TOQwPGCChn0NpOhvCsXhH93TZjvXxK%2FwEHDqSya4gz6snmNR0BcY9Gez3DTkyNUeGavNPdEmSPEbmVm%2BcOkvx3gBrzB4AbWle%2FofRRAIiChH61JG5o%2BaG2CHPRmFNv2OCCKZOkd7HChR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad397cc37737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js

192.0.77.37

200 OK

0 B

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

192.0.77.37

200 OK

0 B

URL HTTP/2
c0.wp.com/p/jetpack/11.5.1/css/jetpack.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /p/jetpack/11.5.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 25 Oct 2022 13:51:34 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

stats.wp.com/e-202248.js

192.0.76.3

200 OK

0 B

URL HTTP/2
stats.wp.com/e-202248.js
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /e-202248.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-3508"
content-encoding: br
expires: Mon, 20 Nov 2023 01:50:03 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f

66.29.146.22

200 OK

0 B

URL HTTP/2
www.officialnd.com/cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f
IP
66.29.146.22:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cole-van-note-announces-johnson-county-data-breach-investigation-officialnd/?feed_id=42740&_unique_id=6385136460c1f HTTP/1.1
Host: www.officialnd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-pingback: https://www.officialnd.com/xmlrpc.php
link: <https://www.officialnd.com/wp-json/>; rel="https://api.w.org/", <https://www.officialnd.com/wp-json/wp/v2/posts/37705>; rel="alternate"; type="application/json", <https://www.officialnd.com/?p=37705>; rel=shortlink
etag: "68301-1669665642;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 22:52:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

192.0.77.37

200 OK

0 B

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

192.0.77.37

200 OK

0 B

URL HTTP/2
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP
192.0.77.37:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:52:51 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Tue, 28 Nov 2023 22:52:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.141.24

200 OK

0 B

URL HTTP/2
friendshipmale.com/sfp.js
IP
172.64.141.24:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 19d851f71d72e082635eb2ca89cbb6fb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 28 Nov 2022 22:52:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gOE6tIroYDG89sYy0nzLmw7r6ENvCaFlG09Hmk0InNXAYkHid4oswlXQKaaRzV9h6Ifd38ENNCfMQWy7Ir%2FOYWjmTjqB4hhrx6MRP9iO3sKJgcLGlnO4oLlspcOBrb39HII7xg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad2c1a0a7714-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html

45.133.44.3

200 OK

0 B

URL HTTP/2
cdn.barscreative1.com/sb/interstitial/software/flashPlayer/mac/multi/1/index.html
IP
45.133.44.3:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 01 Sep 2021 12:22:33 GMT
etag: W/"612f7089-cfb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 28 Nov 2022 23:52:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:54 GMT
content-type: text/css
last-modified: Wed, 01 Sep 2021 12:22:34 GMT
etag: W/"612f708a-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAGnYJN2%2Bbxs%2FKk2h9FO2O9RN9DGZ6Bt7i9obLt8S%2FKutzkvlny7WgbEdqULjkbSZl378nuMqWh%2By0jFVjrjtiIqAWe6Lj5CUYN19h7dCUsKbsfvpEqbIMmKV7v5i1Vu4ebHaujNPPKl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad397cba7737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js

172.64.109.13

200 OK

0 B

URL HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js
IP
172.64.109.13:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sb/interstitial/software/flashPlayer/mac/multi/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.officialnd.com
Connection: keep-alive
Referer: https://www.officialnd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:52:55 GMT
content-type: application/javascript
last-modified: Wed, 01 Sep 2021 12:22:36 GMT
etag: W/"612f708c-7082"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNCPftpAPndJghFd6we4iE5z%2F5OKrVJrCB7xm2VdVb%2BQ%2BNbQGxFFLNStM2xHQNFquOnrfgvRbZ%2FaVt2d%2B3YaL8djiiEEIy%2FS9EvwbGI3%2FoWc0vdXFKHjxW57HFTiVDdtl8VkcQRGMVoz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7716ad3a4e557737-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations