www.hasnews.net/2022/04/jobs-index-latest.html
142.250.74.179 49 kB URL www.hasnews.net/2022/04/jobs-index-latest.html
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1395), with CR, LF line terminators
Hash bbfa0997b98cb28e9b2a6751dd2d861a
cbd0613c97ef98e224a9618aa1f60b7b6189a4af
def9a5ef01d948c85d6f237e21879eed27fac40eb5e3afb14aea512f6d76a37d
GET /2022/04/jobs-index-latest.html HTTP/1.1
Host: www.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 08 May 2023 10:51:18 GMT
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 08 May 2023 10:51:12 GMT
ETag: W/"6f498a044091bf215f789c811d5c478773744c73ae6c8c1f94b3abdb81b05553"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 49240
Server: GSE
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
104.17.24.14 200 OK 10 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (57726)
Hash 3df0b27b3e75de7efd800af1d77d56cc
e8138ee186548f18db7642d80860124b86809446
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
GET /ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:18 GMT
content-type: text/css; charset=utf-8
content-length: 10256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-e238"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1532460
expires: Sat, 27 Apr 2024 10:51:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsWGCBnVeDS8Gzo4ES%2FPnJ7KU%2Bs%2FisNA00pxhNpxRpmuq%2F8RKS7uCRHKMRCQidoys3%2BNi8HicHov59%2Fm8kZbWEo7fJvL4IREqumErLamU1b9r21o%2BGU6YLGRWVKPztJ0u9bTx5uh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c41258f0ab20b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.24.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:18 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 9389537
expires: Sat, 27 Apr 2024 10:51:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uYGzORdlGGJlAniDzlDYGpsZZtqkP2swfjjFQ%2FwC1c6zE%2FKyw7q2o2zfuYXKsONaINeVtdELGI5645EQ%2FG9RGzr6ZpBymqJcDO6BFNxfLfXR6Mj1U%2FZmv0gaEuIynQMFDYXtk9B1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c41258fbb7db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.hasnews.net/js/cookienotice.js
142.250.74.179 2.0 kB URL www.hasnews.net/js/cookienotice.js
IP 142.250.74.179:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: www.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/2022/04/jobs-index-latest.html
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Mon, 08 May 2023 10:51:18 GMT
Expires: Mon, 15 May 2023 10:51:18 GMT
Cache-Control: public, max-age=604800
Last-Modified: Mon, 08 May 2023 08:52:51 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ac7f2029f2d4d0bb7667039ea03956ab
d1dac07cea10394c0433738c2e0192b3a1e55d86
57624d3e62d566c9f88aae9345b27237a2e3dc3c951a7ff0d4e60bad0e0537f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 5d0520916926003c51a89e9accd887f7
d7456c8169fb184e2dbf9d49030da3d8acb9c8b4
a54cf667029c3b7cbf6948e4186a42d61c936412bc4e2ccbd80a420ff29a4bc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8e189ec9396afc831c2210304e6ff5d3
e515221e978e77b77914856219d08610979f50b0
6d3690086decf61221ca6eaf77fcf7c0506abd7d846f539c0ea62a442eff9361
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-BLKPRH2N6V
142.250.74.168 79 kB URL www.googletagmanager.com/gtag/js?id=G-BLKPRH2N6V
IP 142.250.74.168:0
File type ASCII text, with very long lines (3288)
Hash 05bc5c0eb35798f3f245b6fdd5786fad
f3a1d34b084c13cd5869025149ecd9bf9df6f215
cffeeedcbb0f7b38d900c6c9c390be67008490b9bbd01fabc64e5deaac48e536
GET /gtag/js?id=G-BLKPRH2N6V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 08 May 2023 10:51:18 GMT
expires: Mon, 08 May 2023 10:51:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash fc29523d1add1f69d6bcf48bff25ad9a
78b9b0eadd0fa4fe66144bf6b1759b3962e68b02
e1d81acb58de35da22bffc316853e00d8b7f5325b7c8aa11f99c76d2264b7e76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1.bp.blogspot.com/-nONLZHD5gIw/YZzjaypArMI/AAAAAAAABmc/8sFFwTZdrIUZwocluyW8nKe75WltGXEEACLcBGAsYHQ/s150/HasNewsLogo_1-1_Gray.png
142.250.74.161 5.8 kB URL 1.bp.blogspot.com/-nONLZHD5gIw/YZzjaypArMI/AAAAAAAABmc/8sFFwTZdrIUZwocluyW8nKe75WltGXEEACLcBGAsYHQ/s150/HasNewsLogo_1-1_Gray.png
IP 142.250.74.161:0
File type PNG image data, 150 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash c5566af3272bb36b3fb711958c40d98c
69aba16ab2e968896659b555607789390da53a20
d56b08a62af6f9d0b61e0e6a7daaa6be7ce177ce649d27e1a1cea7b39e95b7a9
GET /-nONLZHD5gIw/YZzjaypArMI/AAAAAAAABmc/8sFFwTZdrIUZwocluyW8nKe75WltGXEEACLcBGAsYHQ/s150/HasNewsLogo_1-1_Gray.png HTTP/1.1
Host: 1.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
etag: "v668"
expires: Tue, 09 May 2023 10:51:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="HasNewsLogo_1-1_Gray.png"
x-content-type-options: nosniff
date: Mon, 08 May 2023 10:51:18 GMT
server: fife
content-length: 5839
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3104864162-widgets.js
142.250.74.73 200 OK 57 kB URL GET HTTP/2 www.blogger.com/static/v1/widgets/3104864162-widgets.js
IP 142.250.74.73:443
Certificate Issuer Google Trust Services LLC
Subject *.blogger.com
Fingerprint 97:52:06:E4:A1:16:39:93:E6:CA:AB:76:74:3C:1E:40:03:57:82:9B
Validity Mon, 17 Apr 2023 08:16:06 GMT - Mon, 10 Jul 2023 08:16:05 GMT
File type ASCII text, with very long lines (2215)
Hash 8527e8a6a732d5287db1f1f8a2972b63
f9bc706ae971d86ba0e7b7da440ee0a2d0a9eb1f
3516a89cf06a22f1a3709b993862119a469fc4937b2d4dfa7e7700394780ffd0
GET /static/v1/widgets/3104864162-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 08 May 2023 07:56:28 GMT
expires: Tue, 07 May 2024 07:56:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 20:56:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 10490
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ac7f2029f2d4d0bb7667039ea03956ab
d1dac07cea10394c0433738c2e0192b3a1e55d86
57624d3e62d566c9f88aae9345b27237a2e3dc3c951a7ff0d4e60bad0e0537f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 5d0520916926003c51a89e9accd887f7
d7456c8169fb184e2dbf9d49030da3d8acb9c8b4
a54cf667029c3b7cbf6948e4186a42d61c936412bc4e2ccbd80a420ff29a4bc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 8e189ec9396afc831c2210304e6ff5d3
e515221e978e77b77914856219d08610979f50b0
6d3690086decf61221ca6eaf77fcf7c0506abd7d846f539c0ea62a442eff9361
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
216.239.36.21 42 kB IP 216.239.36.21:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1395)
Hash c42bdd729fd696a85acaf83451a51498
45ca0d26ccfbcb9ece04aa30f31b86551ab1bf5c
699f1248a3f55785a73252ce1f9ffde74758b341e62adb772b118d64929a004b
GET / HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.hasnews.net/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 08 May 2023 10:51:19 GMT
Date: Mon, 08 May 2023 10:51:19 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 08 May 2023 10:47:16 GMT
ETag: W/"83626b78ff04de749c71cacb9dc6d9a737f50388f710783143b3fd0f13caa4a5"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 41717
Server: GSE
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
104.17.24.14 200 OK 10 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (57726)
Hash 3df0b27b3e75de7efd800af1d77d56cc
e8138ee186548f18db7642d80860124b86809446
f8d00356859998784bda26e1d14f2d981515921b96ded50d5d6f6f0e75bac15c
GET /ajax/libs/font-awesome/5.15.1/css/fontawesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:19 GMT
content-type: text/css; charset=utf-8
content-length: 10256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-e238"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1532461
expires: Sat, 27 Apr 2024 10:51:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dOm76xXUpb2CFqiWdrFmh72oXvY8oPcSG4B4xbN7vQOtYDsBJIRiiisSWBDaQT%2F%2BoqdB%2FhsTKvnMU9aSSF4bRBlMXvFDwEuCfiWEEYatcvVNJzEvt1RMCQCb3p5n8HIHLH2eGQ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c4125977f9eb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.24.14 200 OK 28 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 9389538
expires: Sat, 27 Apr 2024 10:51:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08sx3a8xK9%2FukQ7QmDHUkeOwZoFAHx0nDn%2B7NDFRK8aQdsmDX7hX36UEs88cN3gQyRqBInrzyzM8wn58bTco%2ByAL4s%2BM%2F8pHn65IP9FKV5dA8bXQbqh1r8Onh%2Fu1ZfoQc37e8RAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c4125978fcfb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.blogger.com/static/v1/widgets/3104864162-widgets.js
142.250.74.73 200 OK 57 kB URL GET HTTP/2 www.blogger.com/static/v1/widgets/3104864162-widgets.js
IP 142.250.74.73:443
Certificate Issuer Google Trust Services LLC
Subject *.blogger.com
Fingerprint 97:52:06:E4:A1:16:39:93:E6:CA:AB:76:74:3C:1E:40:03:57:82:9B
Validity Mon, 17 Apr 2023 08:16:06 GMT - Mon, 10 Jul 2023 08:16:05 GMT
File type ASCII text, with very long lines (2215)
Hash 8527e8a6a732d5287db1f1f8a2972b63
f9bc706ae971d86ba0e7b7da440ee0a2d0a9eb1f
3516a89cf06a22f1a3709b993862119a469fc4937b2d4dfa7e7700394780ffd0
GET /static/v1/widgets/3104864162-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 08 May 2023 07:56:28 GMT
expires: Tue, 07 May 2024 07:56:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 20:56:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 10491
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0PQYDTTMJG
142.250.74.168 200 OK 86 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-0PQYDTTMJG
IP 142.250.74.168:443
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint CA:2C:8E:2F:14:74:84:57:8C:39:86:59:92:AC:A1:7C:C8:FA:99:CA
Validity Mon, 17 Apr 2023 08:16:32 GMT - Mon, 10 Jul 2023 08:16:31 GMT
File type ASCII text, with very long lines (5059)
Hash e8d2f1c4b2f1c5af4254d7d3a135b4af
604e0d50e400a9490a9b4ac9f2cbc24e9531f8bd
ef489e029ecdfd75811d6d73a15b869ca9695f826b053668c86c9b128c22bded
GET /gtag/js?id=G-0PQYDTTMJG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 08 May 2023 10:51:19 GMT
expires: Mon, 08 May 2023 10:51:19 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 85820
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
en.hasnews.net/js/cookienotice.js
216.239.36.21 200 OK 2.0 kB URL GET HTTP/1.1 en.hasnews.net/js/cookienotice.js
IP 216.239.36.21:80
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Mon, 08 May 2023 10:51:19 GMT
Expires: Mon, 15 May 2023 10:51:19 GMT
Cache-Control: public, max-age=604800
Last-Modified: Mon, 08 May 2023 08:52:51 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash fc29523d1add1f69d6bcf48bff25ad9a
78b9b0eadd0fa4fe66144bf6b1759b3962e68b02
e1d81acb58de35da22bffc316853e00d8b7f5325b7c8aa11f99c76d2264b7e76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2
104.17.24.14 200 OK 14 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 13548, version 331.-31392\012- data
Hash 4a74738e7728e93c4394b8604081da62
fb9648469530a05fa9aac80e47d4d6960472a242
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d
GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:19 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 13548
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-34ec"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 10601070
expires: Sat, 27 Apr 2024 10:51:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j2NN1vq8v%2Bc60tvROjBqZjtmCztZt%2FjR7%2BWvEiKvnrmzTp0IyUOKQSBO29w0RrCpKCBHC%2FSNfftyjIT3izvG0cCph56LgUzMLxOs00D5tfX7y9HLg%2BW42%2FgwCVnA34atQJQyUZtM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c41259828e0b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2
104.17.24.14 200 OK 80 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 80300, version 331.-31392\012- data
Hash 8e1ed89b6ccb8ce41faf5cb672677105
9b592048b9062b00f0b2dd782d70a95b7dc69b83
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:19 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 80300
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-139ac"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 323265
expires: Sat, 27 Apr 2024 10:51:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMN%2FUoTAuthpBqsP9Cb0nbjW6AEWTULUEgHI%2FgtuwDx1JLYppNKX23xnEFs39ehbV34a0Zjwj0ekDlj0pOZAG%2FsLShQeQ63xfU65%2Bw7WBBvdmSGEbWTEkDPMQYCON6jqRzzlzDZ8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c41259838e8b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26943), with no line terminators
Hash 44d7f62e61e2c219261b1ece3f7f8430
9a6a946caf5b16e1cd744f98ee1c3817ce30d695
1164f1f0f407d433a15fd369cdff09732b2132b8b47817e538e111aca837eebb
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Suspicious Javascript code
urlquery | suspicious | Suspicious - Suspicious Javascript code
urlquery | suspicious | Suspicious - Suspicious Javascript code
GET /316f84ceeacd2189c7f5cc09d47b30cd/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc8fec54327bb52754b727235c731633
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26953), with no line terminators
Hash b6c2aad0b8085f2ab8a459930e6f7619
8a25ede8d9331c0f4849d1f90b6b68d94e6ba85e
b2ebfe3fedbc26ea93b27c2a362d8c34ebf4736472e21b184fa6a66400b76e76
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
GET /07078fc182371728b7576225cea159a4/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ef6231ba36d6f78f2f205bb7d78e5c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 65fdbbfbc29ef27ca037d6fd035b8ef6
38b7c8dce78e906e5a08d5442426717f6cf84409
78bf8710eef29a025a4b9c96e43f75811e1487717cc3ff263e8e485cb6ad0bb6
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111101
Date: Mon, 08 May 2023 10:51:20 GMT
Etag: "6457d23c-1d7"
Expires: Tue, 09 May 2023 17:43:01 GMT
Last-Modified: Sun, 07 May 2023 16:30:52 GMT
Server: ECAcc (nya/78C0)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NriUnUjJ7_xKDJB8iiVGTRF9m14DJ93M1XuD5ZMZyJiZItmbXfJSPg==
Age: 4329
simplewebanalysis.com/stats
52.58.93.188 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 23e970c78246df9ee2097d34da4b9331
34a2d8f4c9f01831598357a3d0baf89d65165849
991ada404b038132f715459c24dac6c9d0b4f83338c981b1839ca2913e3ad38f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:20 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://en.hasnews.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=874d333a-b87c-4aa7-9eee-8b4dcd942132:2:1; expires=Thu, 05 May 2033 10:51:20 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.58.93.188 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 71979b8940c497b9c5d5796e6f221e51
9479d9246ee8e2477892be466144a160d0ba15f7
3d2d3d525fd530a5c4501204525e5f29908d9ed3fa689d71c94a8437315e2dfd
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:20 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://en.hasnews.net
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Thu, 05 May 2033 10:51:20 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
pl19299837.highrevenuegate.com/60/cd/d8/60cdd84aa09bd290de1377709d4f4f02.js
192.243.61.225 200 OK 13 kB URL GET HTTP/1.1 pl19299837.highrevenuegate.com/60/cd/d8/60cdd84aa09bd290de1377709d4f4f02.js
IP 192.243.61.225:80
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37131), with no line terminators
Hash 1a9f490d308a0206f198229c1acfb19f
6260c07fccacbe73e2dfda3002a58f4d0482164a
ff6c08a79fbc90a72fb080a42d8a25c91054d3d94fa2a53dcd290af800fe0b2d
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
quad9 Sinkholed
GET /60/cd/d8/60cdd84aa09bd290de1377709d4f4f02.js HTTP/1.1
Host: pl19299837.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7834c9066306ad25b2c830907d225423
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26945), with no line terminators
Hash 8803e71a315ed360ebd21f8eea8f458d
e08c863b8bc8c866a9d02c196dc3dbd2c131141e
eca527c137e7ea978d5b1521bdbb0782555a6086b583a42d2fe996688ed4de55
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
GET /316f84ceeacd2189c7f5cc09d47b30cd/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6716f96ceff1e7b810f3ff9c485ff00d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26959), with no line terminators
Hash ca5801cfee95048ca0dd914faaf9dfa6
90984f2ea0770aefbe90ac708c3fdb38a40bc3df
f7efb42d0f16bb3f18fadc53a66349a79f5f358802dd75b47ae1a0e889d010b2
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
GET /07078fc182371728b7576225cea159a4/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bd02d342ab9cfe036218908b4763ba1b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2
104.17.24.14 200 OK 78 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2
IP 104.17.24.14:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 78460, version 331.-31392\012- data
Hash f075c50f89795e4cdb4d45b51f1a6800
f726c4275bb494a045fde059175f072de06c01df
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:20 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78460
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5f7b5b5f-1327c"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 317073
expires: Sat, 27 Apr 2024 10:51:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MyU3ohU3hK6TPf2Pb2%2BRBM3DQQr7FDygmcIh0p2IG6%2BrvfGODxC8iiHa4jDkV7hSv99ZjHrH0EUfEQySBYUUYRls2klEh6gjRwmqMnfQgpsC7N0V6giAAxZgrfv91WxdL4gEzapl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c41259cc8b8b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
en.hasnews.net/responsive/sprite_v1_6.css.svg
216.239.36.21 200 OK 2.2 kB URL GET HTTP/1.1 en.hasnews.net/responsive/sprite_v1_6.css.svg
IP 216.239.36.21:80
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7657)
Hash d4dcfc8144f556815c7a1d84ed4e959e
22088bd6cdf970dcf7bfab9a74a4768548ca8890
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: _ga_0PQYDTTMJG=GS1.1.1683543079.1.0.1683543079.0.0.0; _ga=GA1.1.719031242.1683543080; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: image/svg+xml
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2244
Date: Mon, 08 May 2023 10:51:20 GMT
Expires: Mon, 15 May 2023 10:51:20 GMT
Cache-Control: public, max-age=604800
Last-Modified: Sun, 07 May 2023 11:52:02 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/316f84ceeacd2189c7f5cc09d47b30cd/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26953), with no line terminators
Hash eb985aa906221e988be95ca83d7ef260
5ca4560204b4de1388748994cfd41280afd3945e
d47aba559901a6d2fbded4c1272d3d63b61473a85e7b0e926550fbb13e954c38
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
GET /316f84ceeacd2189c7f5cc09d47b30cd/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc625c207714fc3dafea953843627416
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
volunteerbrash.com/watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
173.233.137.60 307 Temporary Redirect 0 B URL GET HTTP/1.1 volunteerbrash.com/watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 173.233.137.60:443
Certificate Issuer Let's Encrypt
Subject volunteerbrash.com
Fingerprint 9B:09:BB:A5:3D:3F:D0:BC:83:1F:28:BD:2A:D9:E1:CE:F0:BA:89:6E
Validity Wed, 03 May 2023 21:31:25 GMT - Tue, 01 Aug 2023 21:31:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of zero-length input: the 307 response body is 0 B, so they identify no file content.)
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: volunteerbrash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://volunteerbrash.com/watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=31dd5ad9bca0ed2338526084f61b19c6b6fc1e4a89a91e0201edb92e0216832b371044e1e8503216b9bce22459fbf4b2a72b81c342d30d23f8bcff5e3944a0ac32da30fa0697147ca4fd9394869dba3503ebcac24602fd78981d3fc4110e&pst=1683543140&rmtc=t
Set-Cookie: u_pl=19199313; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTE5OTMxMywiayI6IjMxNmY4NGNlZWFjZDIxODljN2Y1Y2MwOWQ0N2IzMGNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDk0NjUzLCJwaWQiOjgyOTMzNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJwY2h0YjhidiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9lbi5oYXNuZXdzLm5ldC8ifX0.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4; expires=Mon, 08 May 2023 10:52:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 970ca0cdcbcfd7e6b105c2efe5e0cd87
Strict-Transport-Security: max-age=0; includeSubdomains
omenrandomoverlive.com/watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1
192.243.61.227 307 Temporary Redirect 0 B URL GET HTTP/1.1 omenrandomoverlive.com/watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject omenrandomoverlive.com
Fingerprint F8:B4:78:00:B8:C0:21:9F:8D:CD:82:02:9D:07:80:16:AD:F1:C8:A5
Validity Mon, 01 May 2023 19:19:30 GMT - Sun, 30 Jul 2023 19:19:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of zero-length input: the 307 response body is 0 B, so they identify no file content.)
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1 HTTP/1.1
Host: omenrandomoverlive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://omenrandomoverlive.com/watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1&shu=705d5687beb544ec893599e8ea9e5ccf8a908dc65eecb644b5f7a2efe45626459cdcb6cbbd09f8723056f21f82587ca954411c8fba072797b02c95f0ab32dd75bdbf7f00d402da0429d4529604a45228a53dd3&pst=1683543140&rmtc=t
Set-Cookie: u_pl=19199280; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs; expires=Mon, 08 May 2023 10:52:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8a19a5136a7c981b47082ce35ab67b2
Strict-Transport-Security: max-age=0; includeSubdomains
www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
192.243.59.12 200 OK 9.8 kB URL GET HTTP/1.1 www.profitabledisplaynetwork.com/07078fc182371728b7576225cea159a4/invoke.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26957), with no line terminators
Hash 1df5bda2837e4862c45f19a2b2b32f19
ee7b05563be6f87598597266c4b49262f67361bb
27228e1f7717403b3d9b57af565e3b78a044874b589504c8ee93ea3991dfbfb9
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
urlquery suspicious Suspicious - Suspicious Javascript code
GET /07078fc182371728b7576225cea159a4/invoke.js HTTP/1.1
Host: www.profitabledisplaynetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbdea22f7747443e57737709e1430e7a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
volunteerbrash.com/watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=31dd5ad9bca0ed2338526084f61b19c6b6fc1e4a89a91e0201edb92e0216832b371044e1e8503216b9bce22459fbf4b2a72b81c342d30d23f8bcff5e3944a0ac32da30fa0697147ca4fd9394869dba3503ebcac24602fd78981d3fc4110e&pst=1683543140&rmtc=t
173.233.137.60 200 OK 2.1 kB URL GET HTTP/1.1 volunteerbrash.com/watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=31dd5ad9bca0ed2338526084f61b19c6b6fc1e4a89a91e0201edb92e0216832b371044e1e8503216b9bce22459fbf4b2a72b81c342d30d23f8bcff5e3944a0ac32da30fa0697147ca4fd9394869dba3503ebcac24602fd78981d3fc4110e&pst=1683543140&rmtc=t
IP 173.233.137.60:443
Certificate Issuer Let's Encrypt
Subject volunteerbrash.com
Fingerprint 9B:09:BB:A5:3D:3F:D0:BC:83:1F:28:BD:2A:D9:E1:CE:F0:BA:89:6E
Validity Wed, 03 May 2023 21:31:25 GMT - Tue, 01 Aug 2023 21:31:24 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2613)
Hash d14555e896cde60c12520ed41b3d99a7
38cd5151c531fbb4c60cf410728f70fcf2e7d688
803b4b96f0563213cdfe8f2a6e2718e0cb3ab0015b65b049baa0d62237ea16df
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1493767446225.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=31dd5ad9bca0ed2338526084f61b19c6b6fc1e4a89a91e0201edb92e0216832b371044e1e8503216b9bce22459fbf4b2a72b81c342d30d23f8bcff5e3944a0ac32da30fa0697147ca4fd9394869dba3503ebcac24602fd78981d3fc4110e&pst=1683543140&rmtc=t HTTP/1.1
Host: volunteerbrash.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199313; ain=eyJhbGciOiJIUzI1NiJ9.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.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:20 GMT; secure; SameSite=None
iprceeb2190e53bfc15a5df2f3989a72bd7e=3569806; expires=Mon, 08 May 2023 14:51:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 028dc6358b472cac97ca1ed951d49d77
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash d787447ecf029358e9fe8e6d7cc9fa54
d3befedcc60325f8754154c30381652dbd6f510f
64d620479312ad341816876f0ea12221cc6ef0c209491cf03e29135ec480ae11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
omenrandomoverlive.com/watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1&shu=705d5687beb544ec893599e8ea9e5ccf8a908dc65eecb644b5f7a2efe45626459cdcb6cbbd09f8723056f21f82587ca954411c8fba072797b02c95f0ab32dd75bdbf7f00d402da0429d4529604a45228a53dd3&pst=1683543140&rmtc=t
192.243.61.227 200 OK 2.1 kB URL GET HTTP/1.1 omenrandomoverlive.com/watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1&shu=705d5687beb544ec893599e8ea9e5ccf8a908dc65eecb644b5f7a2efe45626459cdcb6cbbd09f8723056f21f82587ca954411c8fba072797b02c95f0ab32dd75bdbf7f00d402da0429d4529604a45228a53dd3&pst=1683543140&rmtc=t
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject omenrandomoverlive.com
Fingerprint F8:B4:78:00:B8:C0:21:9F:8D:CD:82:02:9D:07:80:16:AD:F1:C8:A5
Validity Mon, 01 May 2023 19:19:30 GMT - Sun, 30 Jul 2023 19:19:29 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (2599)
Hash 2c7249b34efae1807aa30ac21398a711
b19f06d8cf9be252425caef0b553daece12dfb12
ab74e47edc67c82b0ca9012e64a1fafe88e6f8b48d8ad636f52224cfc0d0a874
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1678148482220.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=874d333a-b87c-4aa7-9eee-8b4dcd942132%3A2%3A1&shu=705d5687beb544ec893599e8ea9e5ccf8a908dc65eecb644b5f7a2efe45626459cdcb6cbbd09f8723056f21f82587ca954411c8fba072797b02c95f0ab32dd75bdbf7f00d402da0429d4529604a45228a53dd3&pst=1683543140&rmtc=t HTTP/1.1
Host: omenrandomoverlive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199280; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTE5OTI4MCwiayI6IjA3MDc4ZmMxODIzNzE3MjhiNzU3NjIyNWNlYTE1OWE0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDk0NjUzLCJwaWQiOjgyOTMzNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicjN6eDJuNmZzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2VuLmhhc25ld3MubmV0LyJ9fQ.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=874d333a-b87c-4aa7-9eee-8b4dcd942132:2:1; expires=Mon, 15 May 2023 10:51:20 GMT; secure; SameSite=None
iprcdd4034343698a7eb50a835b12f7620ce=3569808; expires=Mon, 08 May 2023 14:51:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 74528189749b09cb77940ab17fe4eecb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubhamsterconstraint.com/watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
173.233.137.36 307 Temporary Redirect 0 B URL GET HTTP/1.1 grubhamsterconstraint.com/watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 173.233.137.36:443
Certificate Issuer: Let's Encrypt
Subject: grubhamsterconstraint.com
Fingerprint: F1:DC:82:5D:B0:A2:05:18:F6:87:5D:17:8B:06:AA:D8:D5:7E:C1:6D
Validity: Sat, 29 Apr 2023 06:17:36 GMT - Fri, 28 Jul 2023 06:17:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: grubhamsterconstraint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://grubhamsterconstraint.com/watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=45d37976788cb7cfcc2760d1038dc5800451f4f72b38fd0ca4dafec132d186d03cf045b17215d8c6957523a5170d2a1decec5fe4dd2090a63358e473353d26213c85c4deea990549be50e9cab16932b751b61c9c803473991220e2f7b4ed9e56e4&pst=1683543140&rmtc=t
Set-Cookie: u_pl=19199280; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs; expires=Mon, 08 May 2023 10:52:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87387e8f811a3a664b4b605c0ef2c15a
Strict-Transport-Security: max-age=0; includeSubdomains
disdainkindle.com/watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
192.243.61.225 307 Temporary Redirect 0 B URL GET HTTP/1.1 disdainkindle.com/watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: disdainkindle.com
Fingerprint: 47:21:F5:C7:94:67:4E:9B:7D:9A:92:AF:92:BE:D0:F4:7B:EE:09:0E
Validity: Mon, 01 May 2023 19:14:29 GMT - Sun, 30 Jul 2023 19:14:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: disdainkindle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://disdainkindle.com/watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=9cb7f213f90bfb926548111168b7fdedba572b2258e6fe4952d16296604c3426d4c2d6e864a05b02cd5924f85938fd301e78fe456d560491198f946125d068abb17b8eb07526ac41da12055c0f11433f9010217b&pst=1683543140&rmtc=t
Set-Cookie: u_pl=19199313; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4; expires=Mon, 08 May 2023 10:52:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9162712c662a1766926b032b198fbe2
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
IP 216.58.207.227:443
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: D2:67:59:66:D0:D5:C9:19:F4:2D:E4:65:4B:EA:E1:50:8D:D2:3E:1D
Validity: Mon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 15640, version 1.0\012- data
Hash 6b222561afc4a71b9888f2ec060b72de
8c65d3b85a37264f4378e61cbf37ebad1adc02fb
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
GET /s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15640
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 11:27:39 GMT
expires: Thu, 02 May 2024 11:27:39 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 15 Sep 2020 18:08:37 GMT
content-type: font/woff2
age: 429821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash d787447ecf029358e9fe8e6d7cc9fa54
d3befedcc60325f8754154c30381652dbd6f510f
64d620479312ad341816876f0ea12221cc6ef0c209491cf03e29135ec480ae11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
friendshipmale.com/sfp.js
172.64.108.35 200 OK 28 kB URL GET HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.108.35:80
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 8bf542db65f0ff20d510889d62e5e092
1b1b7cc04275b7641e2f07b0f4bf99b5387303bf
77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious Javascript code
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 096cff9fcc06df107a089616b23dee1b
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 08 May 2023 10:51:20 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BT3b%2FUgCpUWHvQTSkcuLmQpkC3zGsHHyyQFFXlkWKuFqgiS7ZgC%2FsMoknwwYxXTzohLcaAsVS0G2bNfmJXjDmCWUIvAzmDJ8CDjkiyVygLubg49%2Bn%2FOEzw7xPe07e9kINoED7s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c41259f4e17730f-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
teenagersisolation.com/watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
173.233.137.60 307 Temporary Redirect 0 B URL GET HTTP/1.1 teenagersisolation.com/watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 173.233.137.60:443
Certificate Issuer: Let's Encrypt
Subject: teenagersisolation.com
Fingerprint: 95:A7:2F:6B:9E:75:41:27:21:74:82:01:E5:F3:10:55:7E:D9:12:2B
Validity: Sat, 29 Apr 2023 06:04:34 GMT - Fri, 28 Jul 2023 06:04:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: teenagersisolation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://teenagersisolation.com/watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=c7e748ed74ef3677a2f9ccd402fdf07fe0d573d34f31d810974deedb1a490591b6925370834287b52bb470f7643b586cb0c84d3765ae5c5691e4792fb6d8f7094a1bc49ad313c6b8ae3d15269aecb0d186977e9577b5e1cdeeca6000e97fb086ef&pst=1683543140&rmtc=t
Set-Cookie: u_pl=19199313; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTE5OTMxMywiayI6IjMxNmY4NGNlZWFjZDIxODljN2Y1Y2MwOWQ0N2IzMGNkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDk0NjUzLCJwaWQiOjgyOTMzNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJwY2h0YjhidiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9lbi5oYXNuZXdzLm5ldC8ifX0.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4; expires=Mon, 08 May 2023 10:52:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce7c3296d69ec0e644392b4d8feccff2
Strict-Transport-Security: max-age=0; includeSubdomains
grubhamsterconstraint.com/watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=45d37976788cb7cfcc2760d1038dc5800451f4f72b38fd0ca4dafec132d186d03cf045b17215d8c6957523a5170d2a1decec5fe4dd2090a63358e473353d26213c85c4deea990549be50e9cab16932b751b61c9c803473991220e2f7b4ed9e56e4&pst=1683543140&rmtc=t
173.233.137.36 200 OK 2.0 kB URL GET HTTP/1.1 grubhamsterconstraint.com/watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=45d37976788cb7cfcc2760d1038dc5800451f4f72b38fd0ca4dafec132d186d03cf045b17215d8c6957523a5170d2a1decec5fe4dd2090a63358e473353d26213c85c4deea990549be50e9cab16932b751b61c9c803473991220e2f7b4ed9e56e4&pst=1683543140&rmtc=t
IP 173.233.137.36:443
Certificate Issuer: Let's Encrypt
Subject: grubhamsterconstraint.com
Fingerprint: F1:DC:82:5D:B0:A2:05:18:F6:87:5D:17:8B:06:AA:D8:D5:7E:C1:6D
Validity: Sat, 29 Apr 2023 06:17:36 GMT - Fri, 28 Jul 2023 06:17:35 GMT
File type HTML document, ASCII text, with very long lines (2447)
Hash a836ba3f079ba0dd57028c70329c87c0
87d03f42f178080b47fd8b82719189e1866fa038
34d3650965ee753b99e33546b00940d1be5ad80e006683adccccb1c9b3e73c71
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.181477922549.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=45d37976788cb7cfcc2760d1038dc5800451f4f72b38fd0ca4dafec132d186d03cf045b17215d8c6957523a5170d2a1decec5fe4dd2090a63358e473353d26213c85c4deea990549be50e9cab16932b751b61c9c803473991220e2f7b4ed9e56e4&pst=1683543140&rmtc=t HTTP/1.1
Host: grubhamsterconstraint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199280; ain=eyJhbGciOiJIUzI1NiJ9.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.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a99589201f0d136b7c7128ef893c932b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
disdainkindle.com/watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=9cb7f213f90bfb926548111168b7fdedba572b2258e6fe4952d16296604c3426d4c2d6e864a05b02cd5924f85938fd301e78fe456d560491198f946125d068abb17b8eb07526ac41da12055c0f11433f9010217b&pst=1683543140&rmtc=t
192.243.61.225 200 OK 2.0 kB URL GET HTTP/1.1 disdainkindle.com/watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=9cb7f213f90bfb926548111168b7fdedba572b2258e6fe4952d16296604c3426d4c2d6e864a05b02cd5924f85938fd301e78fe456d560491198f946125d068abb17b8eb07526ac41da12055c0f11433f9010217b&pst=1683543140&rmtc=t
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: disdainkindle.com
Fingerprint: 47:21:F5:C7:94:67:4E:9B:7D:9A:92:AF:92:BE:D0:F4:7B:EE:09:0E
Validity: Mon, 01 May 2023 19:14:29 GMT - Sun, 30 Jul 2023 19:14:28 GMT
File type HTML document, ASCII text, with very long lines (2455)
Hash 2a90a7cea746be48628ee80788ffbad2
8af8344eb05fd0df93ee5f85f980d36bd7631611
117f7b24b87b1bf1770de1841f76c52e8f019419babb5f58e7004e7cd303c42c
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1419634168458.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=9cb7f213f90bfb926548111168b7fdedba572b2258e6fe4952d16296604c3426d4c2d6e864a05b02cd5924f85938fd301e78fe456d560491198f946125d068abb17b8eb07526ac41da12055c0f11433f9010217b&pst=1683543140&rmtc=t HTTP/1.1
Host: disdainkindle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199313; ain=eyJhbGciOiJIUzI1NiJ9.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.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 09 May 2023 10:51:20 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9296502d7431b4664b9dbb460d0f1a94
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
teenagersisolation.com/watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=c7e748ed74ef3677a2f9ccd402fdf07fe0d573d34f31d810974deedb1a490591b6925370834287b52bb470f7643b586cb0c84d3765ae5c5691e4792fb6d8f7094a1bc49ad313c6b8ae3d15269aecb0d186977e9577b5e1cdeeca6000e97fb086ef&pst=1683543140&rmtc=t
173.233.137.60 200 OK 2.0 kB URL GET HTTP/1.1 teenagersisolation.com/watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=c7e748ed74ef3677a2f9ccd402fdf07fe0d573d34f31d810974deedb1a490591b6925370834287b52bb470f7643b586cb0c84d3765ae5c5691e4792fb6d8f7094a1bc49ad313c6b8ae3d15269aecb0d186977e9577b5e1cdeeca6000e97fb086ef&pst=1683543140&rmtc=t
IP 173.233.137.60:443
Certificate Issuer: Let's Encrypt
Subject: teenagersisolation.com
Fingerprint: 95:A7:2F:6B:9E:75:41:27:21:74:82:01:E5:F3:10:55:7E:D9:12:2B
Validity: Sat, 29 Apr 2023 06:04:34 GMT - Fri, 28 Jul 2023 06:04:33 GMT
File type HTML document, ASCII text, with very long lines (2436)
Hash a7bae078a778f4e5d4ca4e1a7e49bae5
7a044d85aab3ca0bc1fb82c514f4b59e3f3caa40
1d1f9d47d1d991003c4040c7311471b7fbc8fd2ba647a00153adc0da66fbfda2
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1073476194312.js?key=316f84ceeacd2189c7f5cc09d47b30cd&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=c7e748ed74ef3677a2f9ccd402fdf07fe0d573d34f31d810974deedb1a490591b6925370834287b52bb470f7643b586cb0c84d3765ae5c5691e4792fb6d8f7094a1bc49ad313c6b8ae3d15269aecb0d186977e9577b5e1cdeeca6000e97fb086ef&pst=1683543140&rmtc=t HTTP/1.1
Host: teenagersisolation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199313; ain=eyJhbGciOiJIUzI1NiJ9.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.259Cq2l2AIrS8r6BkN56ajqNAADgqbKMW009QKjogl4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e94afaa36b2138a003378723c313e94c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
en.hasnews.net/feeds/posts/default?alt=json&max-results=6
216.239.36.21 200 OK 14 kB URL GET HTTP/1.1 en.hasnews.net/feeds/posts/default?alt=json&max-results=6
IP 216.239.36.21:80
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (47744), with no line terminators
Hash f359e2f3b95ead3a6fff1e24459c2ffc
1c1f387e43f8c946107daf9e1614de16d86a8bda
8fbbc29d39b279398300b7fe76d447409934dea5f4e2171a6f9702caa90ffe68
GET /feeds/posts/default?alt=json&max-results=6 HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: _ga_0PQYDTTMJG=GS1.1.1683543079.1.0.1683543079.0.0.0; _ga=GA1.1.719031242.1683543080; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"4b1440568c5018fda249f89cbef0df7e23ac195b9c24511ab517a80e01dca13c"
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/json; charset=UTF-8
Server: blogger-renderd
Expires: Mon, 08 May 2023 10:51:21 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Mon, 08 May 2023 10:47:16 GMT
Content-Encoding: gzip
Content-Length: 13457
X-Frame-Options: SAMEORIGIN
en.hasnews.net/feeds/posts/default/-/UK%20Trends?alt=json&max-results=5
216.239.36.21 200 OK 8.0 kB URL GET HTTP/1.1 en.hasnews.net/feeds/posts/default/-/UK%20Trends?alt=json&max-results=5
IP 216.239.36.21:80
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (30553), with no line terminators
Hash 741af4236e730ca6e44d2f03f260966b
da10eb61f8d9987e9d764fa364d2841f8150840c
185925bb18afc5aa43d7bf42cedd6caf07c596fb96f8000e7dbd7cf9f0e5a63b
GET /feeds/posts/default/-/UK%20Trends?alt=json&max-results=5 HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: _ga_0PQYDTTMJG=GS1.1.1683543079.1.0.1683543079.0.0.0; _ga=GA1.1.719031242.1683543080; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"adef2e615d230e39fa2409bd1d466f5a6eac38f67869a919e35c00891e3ca0ae"
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/json; charset=UTF-8
Server: blogger-renderd
Expires: Mon, 08 May 2023 10:51:21 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Mon, 08 May 2023 10:47:16 GMT
Content-Encoding: gzip
Content-Length: 7993
X-Frame-Options: SAMEORIGIN
en.hasnews.net/feeds/posts/default/-/USA%20Trends?alt=json&max-results=5
216.239.36.21 200 OK 14 kB URL GET HTTP/1.1 en.hasnews.net/feeds/posts/default/-/USA%20Trends?alt=json&max-results=5
IP 216.239.36.21:80
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (46535), with no line terminators
Hash 8d79b30b27b643ed4782e318a212666e
adfb6664285e96698a21cf89be5771a2c7110680
0d513b4f1e155490cf139614a52757bcbcd4a8cf4adaa88e03736a305d6c361e
GET /feeds/posts/default/-/USA%20Trends?alt=json&max-results=5 HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: _ga_0PQYDTTMJG=GS1.1.1683543079.1.0.1683543079.0.0.0; _ga=GA1.1.719031242.1683543080; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cross-Origin-Resource-Policy: cross-origin
ETag: W/"139afe8baf6c4b4cdd409feeba3ff9382e783794640ff36b218ad92df2e1886d"
Date: Mon, 08 May 2023 10:51:20 GMT
Content-Type: application/json; charset=UTF-8
Server: blogger-renderd
Expires: Mon, 08 May 2023 10:51:21 GMT
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Last-Modified: Mon, 08 May 2023 10:47:16 GMT
Content-Encoding: gzip
Content-Length: 13789
X-Frame-Options: SAMEORIGIN
investorequalityfrog.com/watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
173.233.139.164 307 Temporary Redirect 0 B URL GET HTTP/1.1 investorequalityfrog.com/watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 173.233.139.164:443
Certificate Issuer: Let's Encrypt
Subject: investorequalityfrog.com
Fingerprint: 0A:6E:42:7D:FB:1D:68:E7:A7:94:22:71:DE:18:39:A1:8C:B0:57:0D
Validity: Fri, 28 Apr 2023 01:27:07 GMT - Thu, 27 Jul 2023 01:27:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: investorequalityfrog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Location: https://investorequalityfrog.com/watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=7dd6e82a9bff95f7035851db305c0540bb8a986ac966c3cfe91d2e1c8346e1c5d39d6590e1e61f88e631c260c3e2f0e6c840f4981f6140c8e75c6dbdd0ed84d1752011063dfd6ffc5b8d4292eeba8f682d5ec7f710065cd74ca547c6bed8b67c&pst=1683543141&rmtc=t
Set-Cookie: u_pl=19199280; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs; expires=Mon, 08 May 2023 10:52:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e667cd2cff2ba0c79933130f554d7d7a
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9 200 OK 106 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size 106 kB (105910 bytes)
Hash a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png
45.133.44.9 200 OK 65 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 7b7a5b41c35f8431cbe8da8d833533ab
763cbed7a77765c52c00a2496c0dcf49f92bb867
c5739d41dd101ae24bc1bed6a0b34f11141d52d690b75a79b43f888ab12b67b2
GET /cti/ab/a0/b2/aba0b2fc7778c728f527909c2f93c665/1627917313.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 65272
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:15:21 GMT
etag: "61080c09-fef8"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.9 200 OK 144 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/0a/b1/19/0ab11970b13dadf9c71649681a7b7b25/1663334700.png
45.133.44.9 200 OK 63 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/0a/b1/19/0ab11970b13dadf9c71649681a7b7b25/1663334700.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash ca20347717e56278de527735235fa53c
500f51235625acd96f5c6953ad508853196c6440
4b1caf972f548fd2e2e19b1503154e9df2159d9bc3385f79b9b96b03f90ec58d
GET /cti/0a/b1/19/0ab11970b13dadf9c71649681a7b7b25/1663334700.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 63011
server: nginx/1.17.6
last-modified: Fri, 16 Sep 2022 13:25:08 GMT
etag: "63247934-f623"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/f6/35/b7/f635b77bafc2b1ad71606bdc54eae832/1627915979.png
45.133.44.9 200 OK 99 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/f6/35/b7/f635b77bafc2b1ad71606bdc54eae832/1627915979.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced\012- data
Hash 59fc14989b83eecea47eb45a035deccf
7045cc026440c00106f4c9af3055ccf1d04eefae
c482478da1573a4ff26d9df46a35f7d273ac2b22fe67c68bf62c45aa62fa7389
GET /cti/f6/35/b7/f635b77bafc2b1ad71606bdc54eae832/1627915979.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 98812
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 14:53:10 GMT
etag: "610806d6-181fc"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
variety.com/wp-content/uploads/2021/05/MTV-Movie-TV-Awards.jpg?w=1000&h=563&crop=1
192.0.66.176 200 OK 44 kB URL GET HTTP/2 variety.com/wp-content/uploads/2021/05/MTV-Movie-TV-Awards.jpg?w=1000&h=563&crop=1
IP 192.0.66.176:443
Certificate Issuer Let's Encrypt
Subject variety.com
Fingerprint E7:47:B9:9D:DD:E9:BF:4E:A1:4B:1F:34:38:90:A4:32:CC:94:0A:D7
Validity Tue, 07 Mar 2023 23:31:11 GMT - Mon, 05 Jun 2023 23:31:10 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1000x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2e65c13aba6fb8c8b73379233c910779
c87d2510ce926229328035075f1a59d08e1a8870
3701aefc18ca8e192958d71a35f455878d6674eb8cbafe7e66ab19ba210e566e
GET /wp-content/uploads/2021/05/MTV-Movie-TV-Awards.jpg?w=1000&h=563&crop=1 HTTP/1.1
Host: variety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/webp
content-length: 43656
last-modified: Fri, 05 May 2023 22:16:09 GMT
etag: "b648e2a6a2c1b471"
vary: Accept
x-cache: HIT
cache-control: max-age=31536000
x-rq: arn2 109 84 443
accept-ranges: bytes
X-Firefox-Spdy: h2
i0.wp.com/timesofsandiego.com/wp-content/uploads/2023/05/Migrants-San-Ysidro.jpg?fit=1183%2C663&ssl=1
192.0.77.2 200 OK 118 kB URL GET HTTP/2 i0.wp.com/timesofsandiego.com/wp-content/uploads/2023/05/Migrants-San-Ysidro.jpg?fit=1183%2C663&ssl=1
IP 192.0.77.2:443
Certificate Issuer Sectigo Limited
Subject *.wp.com
Fingerprint 95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
Validity Mon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1183x663, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 118 kB (117700 bytes)
Hash 7e84753a3d94d2a3a4e4d329d937777b
d4e3f024a946edb064feefd5cd9db900e05685fe
bc48407aea773a3cccabb50fceec5a16bacbcc00fb1aae5b77c8f5335e4d88ab
GET /timesofsandiego.com/wp-content/uploads/2023/05/Migrants-San-Ysidro.jpg?fit=1183%2C663&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/webp
content-length: 117700
last-modified: Sun, 07 May 2023 20:32:06 GMT
expires: Wed, 07 May 2025 08:32:06 GMT
cache-control: public, max-age=63115200
link: <https://timesofsandiego.com/wp-content/uploads/2023/05/Migrants-San-Ysidro.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "5ef62852ca3feb87"
vary: Accept
x-nc: HIT arn 6
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
investorequalityfrog.com/watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=7dd6e82a9bff95f7035851db305c0540bb8a986ac966c3cfe91d2e1c8346e1c5d39d6590e1e61f88e631c260c3e2f0e6c840f4981f6140c8e75c6dbdd0ed84d1752011063dfd6ffc5b8d4292eeba8f682d5ec7f710065cd74ca547c6bed8b67c&pst=1683543141&rmtc=t
173.233.139.164 200 OK 2.0 kB URL GET HTTP/1.1 investorequalityfrog.com/watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=7dd6e82a9bff95f7035851db305c0540bb8a986ac966c3cfe91d2e1c8346e1c5d39d6590e1e61f88e631c260c3e2f0e6c840f4981f6140c8e75c6dbdd0ed84d1752011063dfd6ffc5b8d4292eeba8f682d5ec7f710065cd74ca547c6bed8b67c&pst=1683543141&rmtc=t
IP 173.233.139.164:443
Certificate Issuer Let's Encrypt
Subject investorequalityfrog.com
Fingerprint 0A:6E:42:7D:FB:1D:68:E7:A7:94:22:71:DE:18:39:A1:8C:B0:57:0D
Validity Fri, 28 Apr 2023 01:27:07 GMT - Thu, 27 Jul 2023 01:27:06 GMT
File type HTML document, ASCII text, with very long lines (2428)
Hash 13ccc020a0e04a9cd748721234b55d59
f1753efd885f2cfbb10cf49e009b133f172a1214
c4faddfa51ab168265369a8954a9b7708f782f64c711fdf1af927be51bd8bbcd
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.942731363993.js?key=07078fc182371728b7576225cea159a4&kw=%5B%22hasnews%22%5D&refer=http%3A%2F%2Fen.hasnews.net%2F&tz=0&dev=e&res=12.2077&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1&shu=7dd6e82a9bff95f7035851db305c0540bb8a986ac966c3cfe91d2e1c8346e1c5d39d6590e1e61f88e631c260c3e2f0e6c840f4981f6140c8e75c6dbdd0ed84d1752011063dfd6ffc5b8d4292eeba8f682d5ec7f710065cd74ca547c6bed8b67c&pst=1683543141&rmtc=t HTTP/1.1
Host: investorequalityfrog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
Referer: http://en.hasnews.net/
DNT: 1
Connection: keep-alive
Cookie: u_pl=19199280; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTE5OTI4MCwiayI6IjA3MDc4ZmMxODIzNzE3MjhiNzU3NjIyNWNlYTE1OWE0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDk0NjUzLCJwaWQiOjgyOTMzNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoicjN6eDJuNmZzIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE3OTA4ODk0OCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMjQzODYsImJuIjoiRmlyZWZveCIsImJ2IjoiMTExLjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2VuLmhhc25ld3MubmV0LyJ9fQ.SfzZEpo4WTapD2mOAGZgd2iG-Zy0cTa9cdBl8BZnSOs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
pdhtkv23=true; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
uncs23=1; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d343926357f26969da054b9facb7601f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.rollingstone.com/wp-content/uploads/2023/05/ed-sheeran-trial-podcast.jpg?w=1600&h=900&crop=1
192.0.66.114 200 OK 389 kB URL GET HTTP/2 www.rollingstone.com/wp-content/uploads/2023/05/ed-sheeran-trial-podcast.jpg?w=1600&h=900&crop=1
IP 192.0.66.114:443
Certificate Issuer Let's Encrypt
Subject rollingstone.com
Fingerprint BF:91:84:C7:22:3C:E7:86:1C:1D:D7:BA:43:47:93:A3:D1:B0:64:AB
Validity Sat, 22 Apr 2023 15:18:27 GMT - Fri, 21 Jul 2023 15:18:26 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1600x900, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 389 kB (388764 bytes)
Hash 921cba5ae4e0bbc703cbcaf6de2989c5
1be3132bd2cfc021c344ca32b8e3498542f5d9a5
107ce29c0bf19aa7dd3ac274ca0d20475ba4da693ad864da489d559b6870c101
GET /wp-content/uploads/2023/05/ed-sheeran-trial-podcast.jpg?w=1600&h=900&crop=1 HTTP/1.1
Host: www.rollingstone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/webp
content-length: 388764
last-modified: Mon, 08 May 2023 02:23:32 GMT
etag: "a3c54881323bcd12"
vary: Accept
x-rq: arn1 109 88 443
x-cache: HIT
cache-control: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
a2.espncdn.com/combiner/i?img=%2Fphoto%2F2023%2F0508%2Fr1170120_1296x729_16%2D9.jpg
23.36.76.162 200 OK 222 kB URL GET HTTP/2 a2.espncdn.com/combiner/i?img=%2Fphoto%2F2023%2F0508%2Fr1170120_1296x729_16%2D9.jpg
IP 23.36.76.162:443
ASN #20940 Akamai International B.V.
Certificate Issuer Entrust, Inc.
Subject a.espncdn.com
Fingerprint 80:4D:03:BD:76:EB:C1:42:AB:D2:56:D9:82:C6:0F:48:4D:E2:9D:C8
Validity Tue, 30 Aug 2022 17:25:59 GMT - Sat, 30 Sep 2023 17:25:59 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1296x729, components 3\012- data
Size 222 kB (221837 bytes)
Hash 66434d11ab622abe4d7dbc60a2ad3f62
d2ece6ad98cf28a2e39ee6f1660fd909628565e4
6f7f1ab7598e64a95a4713d4d426b3c06be1b161254989037c398a2c9d97a783
GET /combiner/i?img=%2Fphoto%2F2023%2F0508%2Fr1170120_1296x729_16%2D9.jpg HTTP/1.1
Host: a2.espncdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 221837
last-modified: Mon, 08 May 2023 01:18:35 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=52133
expires: Tue, 09 May 2023 01:20:14 GMT
date: Mon, 08 May 2023 10:51:21 GMT
X-Firefox-Spdy: h2
www.nottscountyfc.co.uk/siteassets/image/2022-23-images/matches/national-league/play-offs/boreham-wood/baldwin-celebration-match-report-1600.png
104.18.7.213 200 OK 2.5 MB URL GET HTTP/2 www.nottscountyfc.co.uk/siteassets/image/2022-23-images/matches/national-league/play-offs/boreham-wood/baldwin-celebration-match-report-1600.png
IP 104.18.7.213:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 6B:C1:7E:65:F8:A6:4B:72:EC:82:C8:AA:10:18:63:54:0B:1D:AF:3B
Validity Sat, 22 Apr 2023 00:00:00 GMT - Sun, 21 Apr 2024 23:59:59 GMT
File type PNG image data, 1360 x 765, 8-bit/color RGBA, non-interlaced\012- data
Size 2.5 MB (2513069 bytes)
Hash 8ae1c91704aa87695538a8aa09c14383
397f9b5e083d0c79c335e6fde196d62bf455a130
dd148cd32d85de211b87af19f8c8994052fe521f94d9c0b572e16fae872f0d79
GET /siteassets/image/2022-23-images/matches/national-league/play-offs/boreham-wood/baldwin-celebration-match-report-1600.png HTTP/1.1
Host: www.nottscountyfc.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 2513069
access-control-expose-headers: Request-Context
cache-control: public
etag: "1D9810C09507A00"
expires: Mon, 08 May 2023 22:51:21 GMT
last-modified: Sun, 07 May 2023 17:47:48 GMT
arr-disable-session-affinity: True
x-generated-time: 08/05/2023 10:51:21
request-context: appId=cid-v1:cb340336-af09-43b6-9693-6a0a1f335392
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125a23a06b527-OSL
X-Firefox-Spdy: h2
imgs.classicfm.com/images/577175?width=1200&crop=16_9&signature=rhqYbyQ7V7eUWAp_J02wf9djJIo=
81.20.53.3 200 OK 102 kB URL GET HTTP/1.1 imgs.classicfm.com/images/577175?width=1200&crop=16_9&signature=rhqYbyQ7V7eUWAp_J02wf9djJIo=
IP 81.20.53.3:443
ASN #39202 Global Radio Limited
Certificate Issuer DigiCert Inc
Subject *.classicfm.com
Fingerprint 6A:33:96:FA:F1:D2:5E:B2:91:34:BA:E6:0F:BF:BE:58:6E:66:B2:F6
Validity Wed, 02 Nov 2022 00:00:00 GMT - Wed, 29 Nov 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Size 102 kB (102423 bytes)
Hash 335ea21459864cdd717ca496961314fc
37bfa727ac2722ff52038e37e138d89c72fc2724
8889bf804d4f8814da7ac7c7ba9cb17ad7bf2576cf49f02b2c3c3cf12117b065
GET /images/577175?width=1200&crop=16_9&signature=rhqYbyQ7V7eUWAp_J02wf9djJIo= HTTP/1.1
Host: imgs.classicfm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/jpeg
content-length: 102423
etag: "37bfa727ac2722ff52038e37e138d89c72fc2724"
last-modified: Sun, 07 May 2023 20:25:29 GMT
x-image-width: 1200
x-image-height: 675
access-control-allow-origin: *
expires: Tue, 06 Jun 2023 20:25:29 GMT
cache-control: max-age=2592000, s-maxage=604800
age: 51951
accept-ranges: bytes
feature-policy: geolocation none; microphone none; camera none; magnetometer none; gyroscope none
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
i2-prod.leeds-live.co.uk/incoming/article26866591.ece/ALTERNATES/s1200/0_mark-owen-2.png
54.230.111.98 200 OK 17 kB URL GET HTTP/2 i2-prod.leeds-live.co.uk/incoming/article26866591.ece/ALTERNATES/s1200/0_mark-owen-2.png
IP 54.230.111.98:443
Certificate Issuer Amazon
Subject mirror.co.uk
Fingerprint 01:CE:6C:66:9F:D0:38:F6:59:A2:89:E9:37:2C:53:86:FE:99:73:5D
Validity Mon, 17 Oct 2022 00:00:00 GMT - Wed, 15 Nov 2023 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x630, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c53fe984ff6d30aa702c97f2877c5236
86cc4a9837c62df6cf34449326f63a2bd1d85e3d
b25c278c81694e5af3b5b113a9c4dfb3cf43626403201c56c0bdf56800c1f1e7
GET /incoming/article26866591.ece/ALTERNATES/s1200/0_mark-owen-2.png HTTP/1.1
Host: i2-prod.leeds-live.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/webp
content-length: 17118
date: Mon, 08 May 2023 10:51:21 GMT
server: Apache-Coyote/1.1
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self';
access-control-allow-origin: *
last-modified: Sun, 07 May 2023 21:19:25 GMT
access-control-allow-headers: X-Requested-With
x-removedcookies: YES
cache-control: max-age=2592000
x-varnish: 984213430
x-served-by: reg-cache-plus302.tm-aws.com
via: 1.1 varnish, 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FiYqQlZjR8zka5bjwTdh2TC-axnQ1yND5upYkNFcy58d4RJVxXVTqw==
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png
45.133.44.9 200 OK 62 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 6F:9C:41:9B:BA:6A:17:A2:42:F8:28:FF:ED:09:F8:26:12:F1:4C:7B
Validity Thu, 30 Mar 2023 06:08:09 GMT - Wed, 28 Jun 2023 06:08:08 GMT
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash aab722bc84ce26456c71f76bf135d39d
931d9bda71c71ca06e3774c1d67d9842b2c2dc7e
47f5ef20379af39109b365fa5700137a998dd749ca0ea5faf3e82b94be508c59
GET /cti/36/90/13/369013892c357d415d1ad7748ed75879/1627917230.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/png
content-length: 61633
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:13:57 GMT
etag: "61080bb5-f0c1"
expires: Wed, 10 May 2023 10:51:21 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
imgs.goldradiouk.com/images/577177?width=1200&crop=16_9&signature=A11w9G509XbKWjtb0elj6F7dCWQ=
81.20.53.3 200 OK 91 kB URL GET HTTP/1.1 imgs.goldradiouk.com/images/577177?width=1200&crop=16_9&signature=A11w9G509XbKWjtb0elj6F7dCWQ=
IP 81.20.53.3:443
ASN #39202 Global Radio Limited
Certificate Issuer DigiCert Inc
Subject *.goldradiouk.com
Fingerprint BA:65:C6:E8:2C:E7:E0:98:4B:43:2B:58:E9:A2:EF:79:33:BB:8A:0A
Validity Wed, 15 Mar 2023 00:00:00 GMT - Fri, 12 Apr 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Hash 87a6c0a7993e9beb6a0c2ba875491940
69e40425c88e043f2c9ba4f6908255f175c1a666
5122c7311f226c94a47809138162ad32be54574f1ca1562492635d3c2d50e6d8
GET /images/577177?width=1200&crop=16_9&signature=A11w9G509XbKWjtb0elj6F7dCWQ= HTTP/1.1
Host: imgs.goldradiouk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Mon, 08 May 2023 10:51:21 GMT
content-type: image/jpeg
content-length: 91424
etag: "69e40425c88e043f2c9ba4f6908255f175c1a666"
last-modified: Sun, 07 May 2023 21:24:06 GMT
x-image-width: 1200
x-image-height: 675
access-control-allow-origin: *
expires: Tue, 06 Jun 2023 21:24:06 GMT
cache-control: max-age=2592000, s-maxage=604800
age: 48434
accept-ranges: bytes
feature-policy: geolocation none; microphone none; camera none; magnetometer none; gyroscope none
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ddc44ea85aee11d82c46f746bb6a8957
c53800d96f811c42ba907123ed5419e4b4981b7f
8ddb8745db496cd9b49ac770c5a4d6d23b58001643a626f87e8a949d3e22392a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a2.espncdn.com/combiner/i?img=%2Fphoto%2F2023%2F0507%2Fr1169862_1296x729_16%2D9.jpg
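23.36.76.162 200 OK 472 B URL GET HTTP/2 a2.espncdn.com/combiner/i?img=%2Fphoto%2F2023%2F0507%2Fr1169862_1296x729_16%2D9.jpg
IP 23.36.76.162:443
ASN #20940 Akamai International B.V.
Certificate Issuer Entrust, Inc.
Subject a.espncdn.com
Fingerprint 80:4D:03:BD:76:EB:C1:42:AB:D2:56:D9:82:C6:0F:48:4D:E2:9D:C8
Validity Tue, 30 Aug 2022 17:25:59 GMT - Sat, 30 Sep 2023 17:25:59 GMT
Hash ddc44ea85aee11d82c46f746bb6a8957
c53800d96f811c42ba907123ed5419e4b4981b7f
8ddb8745db496cd9b49ac770c5a4d6d23b58001643a626f87e8a949d3e22392a
(Note: the 472 B size and the three hashes recorded for this entry are identical to those of the ocsp.pki.goog/gts1c3 responses in this report, while the response headers below declare a 161099-byte image/jpeg. The hashes likely belong to an OCSP response rather than to this image and should not be used to identify it.)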
GET /combiner/i?img=%2Fphoto%2F2023%2F0507%2Fr1169862_1296x729_16%2D9.jpg HTTP/1.1
Host: a2.espncdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 161099
last-modified: Sun, 07 May 2023 18:23:22 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=28270
expires: Mon, 08 May 2023 18:42:31 GMT
date: Mon, 08 May 2023 10:51:21 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ddc44ea85aee11d82c46f746bb6a8957
c53800d96f811c42ba907123ed5419e4b4981b7f
8ddb8745db496cd9b49ac770c5a4d6d23b58001643a626f87e8a949d3e22392a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ddc44ea85aee11d82c46f746bb6a8957
c53800d96f811c42ba907123ed5419e4b4981b7f
8ddb8745db496cd9b49ac770c5a4d6d23b58001643a626f87e8a949d3e22392a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
findingattending.com/sbar.json?key=60cdd84aa09bd290de1377709d4f4f02&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
173.233.139.164 200 OK 4.0 kB URL GET HTTP/1.1 findingattending.com/sbar.json?key=60cdd84aa09bd290de1377709d4f4f02&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1
IP 173.233.139.164:443
Certificate Issuer Let's Encrypt
Subject findingattending.com
Fingerprint E7:89:CC:29:C7:58:F9:4C:FA:77:07:F4:8D:17:04:3C:90:C7:9D:21
Validity Mon, 01 May 2023 19:16:04 GMT - Sun, 30 Jul 2023 19:16:03 GMT
File type JSON data\012- , ASCII text, with very long lines (5679), with no line terminators
Hash ee71a39f5f4cef7570735264dfd700f6
e57144c9bbcba68209ae1cca202b203279d41ca8
561e0d75a39b3718521600eb89a40dddf0ccf293da35037c6eb5810d2a65f0f2
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=60cdd84aa09bd290de1377709d4f4f02&uuid=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:22 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://en.hasnews.net
Access-Control-Allow-Origin: http://en.hasnews.net
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19199338; expires=Tue, 09 May 2023 10:51:21 GMT; secure; SameSite=None
uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; expires=Mon, 15 May 2023 10:51:21 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 09 May 2023 10:51:22 GMT; secure; SameSite=None
uncs=1; expires=Tue, 09 May 2023 10:51:22 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 09 May 2023 10:51:22 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 09 May 2023 10:51:22 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0d125ad58752697f693f5d5865ddd3b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
lh3.googleusercontent.com/blogger_img_proxy/AByxGDQfZNaNsbMXb99qfmm66gM7rkQ7iYieP1zSewjklCV_FMziChAB9_C_tJsMM36nYzBZeOD51EQ_hkSkKILpG983nrj2xOMYku-ZcckMEEi1xiqo9aJBJntOlFE52Psfq1up7jq4A5sctipqrCoXmzxKzoEFpzmE7lcRYaVZLw7oUYv3REwKr8LzFipSOJRQZ9LbVJHI1P6FbLvdSd-E5IUIIIGl0i_L_06N3v8QaMuj95AiBYfJSIjRY7LA4WZJRUG4_ZNGhtpSw4psqZcMmun8ilCsQiHWQQHfPj5ok-AYVlWU6-XUR4vTA_GMqydrAbGVsHIPEyDsKO7PYr40QCf5rWd66lr1Ql5H4YfLFvJDc66o9Fz1b5vmQvZvEkwDh-MwISqwq9qQ5Fm7dvUNHw=w308-h187-p-k-no-nu
142.250.74.97200 OK 23 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDQfZNaNsbMXb99qfmm66gM7rkQ7iYieP1zSewjklCV_FMziChAB9_C_tJsMM36nYzBZeOD51EQ_hkSkKILpG983nrj2xOMYku-ZcckMEEi1xiqo9aJBJntOlFE52Psfq1up7jq4A5sctipqrCoXmzxKzoEFpzmE7lcRYaVZLw7oUYv3REwKr8LzFipSOJRQZ9LbVJHI1P6FbLvdSd-E5IUIIIGl0i_L_06N3v8QaMuj95AiBYfJSIjRY7LA4WZJRUG4_ZNGhtpSw4psqZcMmun8ilCsQiHWQQHfPj5ok-AYVlWU6-XUR4vTA_GMqydrAbGVsHIPEyDsKO7PYr40QCf5rWd66lr1Ql5H4YfLFvJDc66o9Fz1b5vmQvZvEkwDh-MwISqwq9qQ5Fm7dvUNHw=w308-h187-p-k-no-nu
IP 142.250.74.97:443
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
Validity Mon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 308x187, components 3\012- data
Hash eb14eef72559312bf7cdb95d8e454a8a
6cc1d8af2705c858132822990e3ce0879e99b7eb
54e12f8838dca0a4f3b3d3012820b4cfd4afca3d74c8b5d259e84e462c488bef
GET /blogger_img_proxy/AByxGDQfZNaNsbMXb99qfmm66gM7rkQ7iYieP1zSewjklCV_FMziChAB9_C_tJsMM36nYzBZeOD51EQ_hkSkKILpG983nrj2xOMYku-ZcckMEEi1xiqo9aJBJntOlFE52Psfq1up7jq4A5sctipqrCoXmzxKzoEFpzmE7lcRYaVZLw7oUYv3REwKr8LzFipSOJRQZ9LbVJHI1P6FbLvdSd-E5IUIIIGl0i_L_06N3v8QaMuj95AiBYfJSIjRY7LA4WZJRUG4_ZNGhtpSw4psqZcMmun8ilCsQiHWQQHfPj5ok-AYVlWU6-XUR4vTA_GMqydrAbGVsHIPEyDsKO7PYr40QCf5rWd66lr1Ql5H4YfLFvJDc66o9Fz1b5vmQvZvEkwDh-MwISqwq9qQ5Fm7dvUNHw=w308-h187-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Tue, 09 May 2023 10:51:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Mon, 08 May 2023 10:51:22 GMT
server: fife
content-length: 22747
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.wokv.com/resizer/UWUhUKwuvae73r023WlszYT_gWc=/1440x810/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/G55WOCULCKWUURDUCDHNTTD4JQ.jpg
104.84.152.81 200 OK 75 kB URL GET HTTP/2 www.wokv.com/resizer/UWUhUKwuvae73r023WlszYT_gWc=/1440x810/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/G55WOCULCKWUURDUCDHNTTD4JQ.jpg
IP 104.84.152.81:443
ASN #20940 Akamai International B.V.
Certificate Issuer Let's Encrypt
Subject cmg.web.arc-cdn.net
Fingerprint 36:82:84:25:9A:F6:94:AC:AF:27:6A:D1:D4:AA:62:37:C6:5B:E8:7C
Validity Mon, 20 Mar 2023 18:47:47 GMT - Sun, 18 Jun 2023 18:47:46 GMT
File type ISO Media, AVIF Image\012- data
Hash dd7e290a77aacbb7f2a6f1fdd1546128
fdb79c74d81fbc56799db9c55369fca10d3213a2
f76501a2b39277015a0c4ead7667544769117db878b174d5c0744f93a0342952
GET /resizer/UWUhUKwuvae73r023WlszYT_gWc=/1440x810/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/G55WOCULCKWUURDUCDHNTTD4JQ.jpg HTTP/1.1
Host: www.wokv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Mon, 08 May 2023 03:51:36 GMT
etag: "afac43ced3a37d3ffaaa855d5ac16c395194bab4"
server: Akamai Image Manager
content-length: 74878
content-type: image/avif
cache-control: private, no-transform, max-age=31510869
expires: Tue, 07 May 2024 03:52:31 GMT
date: Mon, 08 May 2023 10:51:22 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=302, ak_p; desc="467650_1750374477_129070020_30145_10647_8_0";dur=1
content-security-policy: upgrade-insecure-requests, upgrade-insecure-requests
x-arc-request-id: 0.4d985468.1683543081.7b173c4
akamai-true-ttl: 31536000
X-Firefox-Spdy: h2
en.hasnews.net/favicon.ico
216.239.36.21 200 OK 94 B URL GET HTTP/1.1 en.hasnews.net/favicon.ico
IP 216.239.36.21:80
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash d0bbfb35df9f549e8fa3d6c6a8c9ec85
b6e303e1b3ff4d8fc9d1271f3c107326eff9b02f
5d413eeb35cdb0e5cb5f66d202ee455c16ce0daa2c9ac4fca1c202b63f939528
GET /favicon.ico HTTP/1.1
Host: en.hasnews.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: _ga_0PQYDTTMJG=GS1.1.1683543079.1.0.1683543079.0.0.0; _ga=GA1.1.719031242.1683543080; dom3ic8zudi28v8lr6fgphwffqoz0j6c=fb63b5e0-4881-4676-90ef-796dfb447781%3A3%3A1; sb_main_60cdd84aa09bd290de1377709d4f4f02=1; sb_count_60cdd84aa09bd290de1377709d4f4f02=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
Expires: Mon, 08 May 2023 10:51:22 GMT
Date: Mon, 08 May 2023 10:51:22 GMT
Cache-Control: private, max-age=86400
Last-Modified: Mon, 08 May 2023 10:47:16 GMT
ETag: W/"83626b78ff04de749c71cacb9dc6d9a737f50388f710783143b3fd0f13caa4a5"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 94
Server: GSE
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash ddc44ea85aee11d82c46f746bb6a8957
c53800d96f811c42ba907123ed5419e4b4981b7f
8ddb8745db496cd9b49ac770c5a4d6d23b58001643a626f87e8a949d3e22392a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 08 May 2023 10:51:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/blogger_img_proxy/AByxGDRxbKe3HpNYME8V4D9KaTc6Nkg4uZE3OGQucMbNCu0Lr95c7Im5j9hF-PraoFWGAWPfIlwwvHwBHQXU76cCFiufLm98BjNEsHLhmPtCmdDPaha0knTSyxX3gCpXT8ba7Y9zQ0aQEvCowY5a0YmzCgThnLcpJgpD3bzykxHlWwx1erJe6PUqYnsdkcPM7PbkMeiI_QmPFqxSDBFxLqSPcrkH9BUkXjOLY6C5cQc71W-794YYcmf03S3SOnbzAjkISujmWRT9MUCqZeaTPy9bj7h4scO2=w110-h72-p-k-no-nu
142.250.74.97200 OK 3.9 kB URL GET HTTP/2 lh3.googleusercontent.com/blogger_img_proxy/AByxGDRxbKe3HpNYME8V4D9KaTc6Nkg4uZE3OGQucMbNCu0Lr95c7Im5j9hF-PraoFWGAWPfIlwwvHwBHQXU76cCFiufLm98BjNEsHLhmPtCmdDPaha0knTSyxX3gCpXT8ba7Y9zQ0aQEvCowY5a0YmzCgThnLcpJgpD3bzykxHlWwx1erJe6PUqYnsdkcPM7PbkMeiI_QmPFqxSDBFxLqSPcrkH9BUkXjOLY6C5cQc71W-794YYcmf03S3SOnbzAjkISujmWRT9MUCqZeaTPy9bj7h4scO2=w110-h72-p-k-no-nu
IP 142.250.74.97:443
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
Validity Mon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 110x72, components 3\012- data
Hash 80666f252703b4e3ccd0d725eb6d3089
493e42d5087da0e6a10b33a820c847b4efaadc44
181d69ab9674d9b4b0657fd10fb5c4587b3e8dabb8b4ae9b2f29154a6f81461d
GET /blogger_img_proxy/AByxGDRxbKe3HpNYME8V4D9KaTc6Nkg4uZE3OGQucMbNCu0Lr95c7Im5j9hF-PraoFWGAWPfIlwwvHwBHQXU76cCFiufLm98BjNEsHLhmPtCmdDPaha0knTSyxX3gCpXT8ba7Y9zQ0aQEvCowY5a0YmzCgThnLcpJgpD3bzykxHlWwx1erJe6PUqYnsdkcPM7PbkMeiI_QmPFqxSDBFxLqSPcrkH9BUkXjOLY6C5cQc71W-794YYcmf03S3SOnbzAjkISujmWRT9MUCqZeaTPy9bj7h4scO2=w110-h72-p-k-no-nu HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
expires: Tue, 09 May 2023 10:51:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
date: Mon, 08 May 2023 10:51:22 GMT
server: fife
content-length: 3854
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
findingattending.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRidTaIUQMGvBgTSFRG%2FhM%2Bze%2BvbW1KghGBkYeKQgEiHZndmzxPPzaxmdm%2FPFhIWkVDKo6Fev7NjAZYFf0AQOtNFQvJB4wIXSPkDECI1Otvi4Gu%2B9773FW%2FeN19ulceEomRHix%2BYDakUm19o0sZrt33%2FcmNZ6nLQGHTan7bDyw3bf8uncZO%2B3nhPpGtmPqA%2BpT71G4vSiswM5n3fb1LIfC%2F2mzFthkHTXwgxsP%2FnrvTgmAfePybPQvLJE3v7IWQ6hu59f024tcLkb77bKxUrjEWf736s17SpNHozmFkPmd4924Zxh4s%2FwuidE8Mw%2FX8XEzkh3qM%2FkOjdM5dI%2BjunRhMFoZHwJ1H1xxBqDMnGSM1dSH5IgJTj%2Bgp07%2F51Yyu2fqqyqTohFx7%2FBVlNyIXfn4fu7V9VctC4ZVRZSKMdBlkNORhDdsfIywMUG%2BcgqwOkxReQ%2FBcy%2F3gZure94pSB5EeXsqTdShYEnQs7HX8ubEftuZiKbC6K2zxLwjCKOv5JQlKOIbMxlBiCufMonYdSeigzD2XuocePGlEadjq8s8CZSNMgyfxOFmZhzFKapbQVByjT6RuGKPIhUjVEajeR202sySFs%2BRPcag3HL8IVE%2BJ9%2BDn6vEYlCCpHUDGCShJUBUHVr3e4coGr73PlysQ%2F68FZb9UjU3S32I4pukKTrfyYPDMNz7v09x2siaNGm6acd0LGaJzwIKZc%2BK0oimjMwyzMaAAna0h3Dsx52JAT8srTD5DLCXlq92sk7ABOHSCVL4GVL4NVoyigYKujsEOxofeFbq4yp0XlmloU4KZGXlxAse5tqWPywskZX330IkT6kJwVUlsjtzXuyJ8Juure6KapyPZNUznyw0peyJ7cYNMT3ypYIS5%2B%2B75Yr4zlS9fc8Jsr6VSYwr2PhCuWmeZSdx357qrkXNhFY1NBHiy5T0Ryo3SrV0ury3z5xjuLS73cCuek0WMwefhZG6mckItXdk4%2B73N%2FBpB2DFvW6JUzp9KMkeabcPls5gyBVTOe5B6qsh7ZIJkNlSRQYsZZUsP9hyczvOXuoWs9sOIudK9G39boqxpMDeHK86Mitw%2Ff%2FrV1UkiUN0qU9bYTZdVXp9E6edQQkWjHcUjDiFOahDwI%2FAWRslbIYhYEWYTCTfjt3974BwAA%2F%2F8BAAD%2F%2F368qruJBAAA
173.233.139.164200 OK 7 B URL GET HTTP/1.1 findingattending.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRidTaIUQMGvBgTSFRG%2FhM%2Bze%2BvbW1KghGBkYeKQgEiHZndmzxPPzaxmdm%2FPFhIWkVDKo6Fev7NjAZYFf0AQOtNFQvJB4wIXSPkDECI1Otvi4Gu%2B9773FW%2FeN19ulceEomRHix%2BYDakUm19o0sZrt33%2FcmNZ6nLQGHTan7bDyw3bf8uncZO%2B3nhPpGtmPqA%2BpT71G4vSiswM5n3fb1LIfC%2F2mzFthkHTXwgxsP%2FnrvTgmAfePybPQvLJE3v7IWQ6hu59f024tcLkb77bKxUrjEWf736s17SpNHozmFkPmd4924Zxh4s%2FwuidE8Mw%2FX8XEzkh3qM%2FkOjdM5dI%2BjunRhMFoZHwJ1H1xxBqDMnGSM1dSH5IgJTj%2Bgp07%2F51Yyu2fqqyqTohFx7%2FBVlNyIXfn4fu7V9VctC4ZVRZSKMdBlkNORhDdsfIywMUG%2BcgqwOkxReQ%2FBcy%2F3gZure94pSB5EeXsqTdShYEnQs7HX8ubEftuZiKbC6K2zxLwjCKOv5JQlKOIbMxlBiCufMonYdSeigzD2XuocePGlEadjq8s8CZSNMgyfxOFmZhzFKapbQVByjT6RuGKPIhUjVEajeR202sySFs%2BRPcag3HL8IVE%2BJ9%2BDn6vEYlCCpHUDGCShJUBUHVr3e4coGr73PlysQ%2F68FZb9UjU3S32I4pukKTrfyYPDMNz7v09x2siaNGm6acd0LGaJzwIKZc%2BK0oimjMwyzMaAAna0h3Dsx52JAT8srTD5DLCXlq92sk7ABOHSCVL4GVL4NVoyigYKujsEOxofeFbq4yp0XlmloU4KZGXlxAse5tqWPywskZX330IkT6kJwVUlsjtzXuyJ8Juure6KapyPZNUznyw0peyJ7cYNMT3ypYIS5%2B%2B75Yr4zlS9fc8Jsr6VSYwr2PhCuWmeZSdx357qrkXNhFY1NBHiy5T0Ryo3SrV0ury3z5xjuLS73cCuek0WMwefhZG6mckItXdk4%2B73N%2FBpB2DFvW6JUzp9KMkeabcPls5gyBVTOe5B6qsh7ZIJkNlSRQYsZZUsP9hyczvOXuoWs9sOIudK9G39boqxpMDeHK86Mitw%2Ff%2FrV1UkiUN0qU9bYTZdVXp9E6edQQkWjHcUjDiFOahDwI%2FAWRslbIYhYEWYTCTfjt3974BwAA%2F%2F8BAAD%2F%2F368qruJBAAA
IP 173.233.139.164:443
Certificate Issuer Let's Encrypt
Subject findingattending.com
Fingerprint E7:89:CC:29:C7:58:F9:4C:FA:77:07:F4:8D:17:04:3C:90:C7:9D:21
Validity Mon, 01 May 2023 19:16:04 GMT - Sun, 30 Jul 2023 19:16:03 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSv28cRRidTaIUQMGvBgTSFRG%2FhM%2Bze%2BvbW1KghGBkYeKQgEiHZndmzxPPzaxmdm%2FPFhIWkVDKo6Fev7NjAZYFf0AQOtNFQvJB4wIXSPkDECI1Otvi4Gu%2B9773FW%2FeN19ulceEomRHix%2BYDakUm19o0sZrt33%2FcmNZ6nLQGHTan7bDyw3bf8uncZO%2B3nhPpGtmPqA%2BpT71G4vSiswM5n3fb1LIfC%2F2mzFthkHTXwgxsP%2FnrvTgmAfePybPQvLJE3v7IWQ6hu59f024tcLkb77bKxUrjEWf736s17SpNHozmFkPmd4924Zxh4s%2FwuidE8Mw%2FX8XEzkh3qM%2FkOjdM5dI%2BjunRhMFoZHwJ1H1xxBqDMnGSM1dSH5IgJTj%2Bgp07%2F51Yyu2fqqyqTohFx7%2FBVlNyIXfn4fu7V9VctC4ZVRZSKMdBlkNORhDdsfIywMUG%2BcgqwOkxReQ%2FBcy%2F3gZure94pSB5EeXsqTdShYEnQs7HX8ubEftuZiKbC6K2zxLwjCKOv5JQlKOIbMxlBiCufMonYdSeigzD2XuocePGlEadjq8s8CZSNMgyfxOFmZhzFKapbQVByjT6RuGKPIhUjVEajeR202sySFs%2BRPcag3HL8IVE%2BJ9%2BDn6vEYlCCpHUDGCShJUBUHVr3e4coGr73PlysQ%2F68FZb9UjU3S32I4pukKTrfyYPDMNz7v09x2siaNGm6acd0LGaJzwIKZc%2BK0oimjMwyzMaAAna0h3Dsx52JAT8srTD5DLCXlq92sk7ABOHSCVL4GVL4NVoyigYKujsEOxofeFbq4yp0XlmloU4KZGXlxAse5tqWPywskZX330IkT6kJwVUlsjtzXuyJ8Juure6KapyPZNUznyw0peyJ7cYNMT3ypYIS5%2B%2B75Yr4zlS9fc8Jsr6VSYwr2PhCuWmeZSdx357qrkXNhFY1NBHiy5T0Ryo3SrV0ury3z5xjuLS73cCuek0WMwefhZG6mckItXdk4%2B73N%2FBpB2DFvW6JUzp9KMkeabcPls5gyBVTOe5B6qsh7ZIJkNlSRQYsZZUsP9hyczvOXuoWs9sOIudK9G39boqxpMDeHK86Mitw%2Ff%2FrV1UkiUN0qU9bYTZdVXp9E6edQQkWjHcUjDiFOahDwI%2FAWRslbIYhYEWYTCTfjt3974BwAA%2F%2F8BAAD%2F%2F368qruJBAAA HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: u_pl=19199338; uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:22 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d4aa397214b5f0eaf70103291413fdf2
Strict-Transport-Security: max-age=0; includeSubdomains
blogger.googleusercontent.com/img/a/AVvXsEg1Bb4a_ggYBlNLzJDWfbKU16_p5DJjSiMCzw6nBhddLjJwDmh9lrxJduiV6b-aCtHpPy0tFrFZsEqEe_ZIDLrDj_Lt5WZKMDbnmUXnNZrgKt4Ebv65AGIxg1RkWNlaJuqDab59sCPgvUseqQ5PrkYchZjobW1FMUUyYXmcmPVTksG7GkcsxkIlY-2e=s132
142.250.74.97200 OK 1.8 kB URL GET HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEg1Bb4a_ggYBlNLzJDWfbKU16_p5DJjSiMCzw6nBhddLjJwDmh9lrxJduiV6b-aCtHpPy0tFrFZsEqEe_ZIDLrDj_Lt5WZKMDbnmUXnNZrgKt4Ebv65AGIxg1RkWNlaJuqDab59sCPgvUseqQ5PrkYchZjobW1FMUUyYXmcmPVTksG7GkcsxkIlY-2e=s132
IP 142.250.74.97:443
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
Validity Mon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT
File type PNG image data, 132 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash aa02850e95920597c55cbcf672223d9d
cc0239c8a73595550001ecb9848e25bca3d4fe42
c1cbdbe7eeea4e50e03a2398e7e6b99d4a2d3e6ac8df12450ed6364b137c5918
GET /img/a/AVvXsEg1Bb4a_ggYBlNLzJDWfbKU16_p5DJjSiMCzw6nBhddLjJwDmh9lrxJduiV6b-aCtHpPy0tFrFZsEqEe_ZIDLrDj_Lt5WZKMDbnmUXnNZrgKt4Ebv65AGIxg1RkWNlaJuqDab59sCPgvUseqQ5PrkYchZjobW1FMUUyYXmcmPVTksG7GkcsxkIlY-2e=s132 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1e2"
expires: Tue, 09 May 2023 10:51:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Hasnews_Logo.png"
x-content-type-options: nosniff
date: Mon, 08 May 2023 10:51:22 GMT
server: fife
content-length: 1759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png
172.64.167.9 200 OK 22 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 435 x 438, 8-bit colormap, non-interlaced\012- data
Hash 293e03ff5c8794295c7e2bec46e8c106
b2b71ebe6d4719b2259cd6978a410f2dee026b00
2d268405eca080323e13a2f58d284ab1719403438385d405d75739cb23d063cb
GET /sb/notifications/vpn/default/us/mac/black/2/img/update-icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:22 GMT
content-type: image/png
content-length: 22157
last-modified: Fri, 29 Jul 2022 12:34:31 GMT
etag: "62e3d3d7-568d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 15022432
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UvO8USN7j76vmqoOHOpBbS2MSUGCBtZ2oAYHfPc9nwftaQngW22%2BEaq2KZ4t2Azo80p6%2FsAOC4Luc87yeFnU2YdICB2CZ%2FS0FwSU4QVJ8Shd01rEl33iDc%2FgJv%2Bdk399luOizQQ8D%2F5j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125aaffa47199-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=310
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=310
IP 173.233.139.164:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Findex.html&l=1315&fd=310 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:22 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
blogger.googleusercontent.com/img/a/AVvXsEgaACvjmILoq6ucPtIYyhJEZdqblmXkcqOTNrgjYQYfFwMu_tbC8iVyHLjiH65pJlr4grHvD42RSHQNWcUIKy2d4MioXsGDzCNXn-wBs_OCH6a0XzBIHBBKH-o4udxEnJ4O7yzndfL2FiEuaoJ4iv_bCrJxNXO4SFho6OmZs4uKeDbRMXdwXlygmA-i=s132
142.250.74.97200 OK 1.8 kB URL GET HTTP/2 blogger.googleusercontent.com/img/a/AVvXsEgaACvjmILoq6ucPtIYyhJEZdqblmXkcqOTNrgjYQYfFwMu_tbC8iVyHLjiH65pJlr4grHvD42RSHQNWcUIKy2d4MioXsGDzCNXn-wBs_OCH6a0XzBIHBBKH-o4udxEnJ4O7yzndfL2FiEuaoJ4iv_bCrJxNXO4SFho6OmZs4uKeDbRMXdwXlygmA-i=s132
IP 142.250.74.97:443
Certificate Issuer Google Trust Services LLC
Subject *.googleusercontent.com
Fingerprint 5B:7C:CC:9B:35:65:AF:5C:4A:0A:CA:A9:D5:41:DA:66:86:43:19:CD
Validity Mon, 17 Apr 2023 08:25:28 GMT - Mon, 10 Jul 2023 08:25:27 GMT
File type PNG image data, 132 x 38, 8-bit/color RGBA, non-interlaced\012- data
Hash aa02850e95920597c55cbcf672223d9d
cc0239c8a73595550001ecb9848e25bca3d4fe42
c1cbdbe7eeea4e50e03a2398e7e6b99d4a2d3e6ac8df12450ed6364b137c5918
GET /img/a/AVvXsEgaACvjmILoq6ucPtIYyhJEZdqblmXkcqOTNrgjYQYfFwMu_tbC8iVyHLjiH65pJlr4grHvD42RSHQNWcUIKy2d4MioXsGDzCNXn-wBs_OCH6a0XzBIHBBKH-o4udxEnJ4O7yzndfL2FiEuaoJ4iv_bCrJxNXO4SFho6OmZs4uKeDbRMXdwXlygmA-i=s132 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v1e4"
expires: Tue, 09 May 2023 10:51:22 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Hasnews_Logo.png"
x-content-type-options: nosniff
date: Mon, 08 May 2023 10:51:22 GMT
server: fife
content-length: 1759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=358
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=358
IP 173.233.139.164:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fanimate.css&l=79245&fd=358 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/number.png
172.64.167.9 200 OK 1.1 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/img/number.png
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash 9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/notifications/vpn/default/us/mac/black/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:23 GMT
content-type: image/png
content-length: 1138
last-modified: Wed, 02 Sep 2020 10:55:44 GMT
etag: "5f4f7a30-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 15022309
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgpQAVRgPswbAnNva4P4m2w4M%2FC25KBaVGW7vDHn9FdlObJ2KBO9cAOTNGzs73o99AIiNoGYgKgA8KkKAqcXBIHOPhzfCp%2FyxnRqVR%2FBjsik%2BNYGlHnrfb65idGAvk4YMpyfqHnysc1F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125ad8f604133-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=360
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=360
IP 173.233.139.164:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fjs%2Fscript.js&l=393&fd=360 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
findingattending.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbascgAO%2FLiCQfKj4JeLs2mt7TQ%2BooQRFhKa0IHpDszOzzjTjmdXMrteJkIiohHo0F86b56QREEXwBxShDbdKSDFcciAHpP4BCNEzchJh%2BC7fe9%2F7Dm%2FeN19u5yfER06Plz4wm1IputCq%2B7XXbgfBldqK1PmwNozan7bDKzU7eCvwu3X%2F9dp7gq2bhYYf%2BH7gB7UlaUVihgtBENR9yHS%2FG9S7fj1s1INWiKH9P3e5B0c98MEJeRaST57YPwghWQXd%2F%2F6acOuZSd98t58rmhmLAd%2F7WK9rU2j0ZzCxHhK9d74N446WfoTRu6eGYQb%2FLsZyQrxHfyDWe%2BcuEQ92z4zGCkIj5k%2BiGFQQqoKkFZi5C8mPCMA4rq9C9%2B9fN7agG2cqnaoTcunxX5DFhFz6%2FXno%2FsGiksPaLaPyTBrtMExKyGEF2auQ5ofINi9AFodg2ReQ%2FBey8HgFur%2Bz6pSB5MeXk7jdjFvCnw%2BjKJgP2532fNcXyXyn2%2BZJHIadThScJiRlBZlUUGIE6i4idx5y6SFPPOSphz4%2FrnVYGEU8anEqGGvESRAlYRJ2KfMT5je7DeRs%2BoYRsnQEpkZgdgup3cK6HMHmP8GtlXB8Di6bEO%2FDzzHgJQpBUDiCghIUkqDICIpBucuVa7jyPlcuj4Pz3jjvzXJsst423TVZT2iynZ6QZ6bheZf%2FvoN1cVxr%2B4zzKKTU78a80fW5CJqdTsfv8jAJE78BJ0tIdwHUediUE%2FLK0w%2BQygl5au9rxPQQTh2CyZdA85dBi3Gn4YOujcPIx6Y%2BELq%2BRp0WhatrkYGbEml2CdmGt61OyAunZ3z10YsQ7CE5LzBbIrUl7sifCXrq3vimKcjOTVM48sNqmsm%2B3KTTE9%2FKaCbmvn1fbBTG8uVrbvTNVTYVpnD%2FI%2BGyFaq51D1HvluUnAu7ZCwT5MGy%2B0TEN3K3tphbnacrN95ZWu6nVjgnja5A5dFnbTA5IXNXd08%2F73N%2FNiBtBZuX6Oczp9JUYOkWXDqbOUNg1YzHqYciL8e2Ec%2BGShIoMeM0LuH%2Bw%2BMZ3nb30LMeaHYXul9iYEsMVAmqRnD5xXGW2odv%2F9o8LcTKG8fKejuxsuqrs2idPK4x5gsaxJ1ACC5aTcbCNovidtIMOyJq8RYyN%2BG3f3vjHwAAAP%2F%2FAQAA%2F%2F%2BBmwKriQQAAA%3D%3D
173.233.139.164200 OK 7 B URL GET HTTP/1.1 findingattending.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbascgAO%2FLiCQfKj4JeLs2mt7TQ%2BooQRFhKa0IHpDszOzzjTjmdXMrteJkIiohHo0F86b56QREEXwBxShDbdKSDFcciAHpP4BCNEzchJh%2BC7fe9%2F7Dm%2FeN19u5yfER06Plz4wm1IputCq%2B7XXbgfBldqK1PmwNozan7bDKzU7eCvwu3X%2F9dp7gq2bhYYf%2BH7gB7UlaUVihgtBENR9yHS%2FG9S7fj1s1INWiKH9P3e5B0c98MEJeRaST57YPwghWQXd%2F%2F6acOuZSd98t58rmhmLAd%2F7WK9rU2j0ZzCxHhK9d74N446WfoTRu6eGYQb%2FLsZyQrxHfyDWe%2BcuEQ92z4zGCkIj5k%2BiGFQQqoKkFZi5C8mPCMA4rq9C9%2B9fN7agG2cqnaoTcunxX5DFhFz6%2FXno%2FsGiksPaLaPyTBrtMExKyGEF2auQ5ofINi9AFodg2ReQ%2FBey8HgFur%2Bz6pSB5MeXk7jdjFvCnw%2BjKJgP2532fNcXyXyn2%2BZJHIadThScJiRlBZlUUGIE6i4idx5y6SFPPOSphz4%2FrnVYGEU8anEqGGvESRAlYRJ2KfMT5je7DeRs%2BoYRsnQEpkZgdgup3cK6HMHmP8GtlXB8Di6bEO%2FDzzHgJQpBUDiCghIUkqDICIpBucuVa7jyPlcuj4Pz3jjvzXJsst423TVZT2iynZ6QZ6bheZf%2FvoN1cVxr%2B4zzKKTU78a80fW5CJqdTsfv8jAJE78BJ0tIdwHUediUE%2FLK0w%2BQygl5au9rxPQQTh2CyZdA85dBi3Gn4YOujcPIx6Y%2BELq%2BRp0WhatrkYGbEml2CdmGt61OyAunZ3z10YsQ7CE5LzBbIrUl7sifCXrq3vimKcjOTVM48sNqmsm%2B3KTTE9%2FKaCbmvn1fbBTG8uVrbvTNVTYVpnD%2FI%2BGyFaq51D1HvluUnAu7ZCwT5MGy%2B0TEN3K3tphbnacrN95ZWu6nVjgnja5A5dFnbTA5IXNXd08%2F73N%2FNiBtBZuX6Oczp9JUYOkWXDqbOUNg1YzHqYciL8e2Ec%2BGShIoMeM0LuH%2Bw%2BMZ3nb30LMeaHYXul9iYEsMVAmqRnD5xXGW2odv%2F9o8LcTKG8fKejuxsuqrs2idPK4x5gsaxJ1ACC5aTcbCNovidtIMOyJq8RYyN%2BG3f3vjHwAAAP%2F%2FAQAA%2F%2F%2BBmwKriQQAAA%3D%3D
IP 173.233.139.164:443
Certificate Issuer Let's Encrypt
Subject findingattending.com
Fingerprint E7:89:CC:29:C7:58:F9:4C:FA:77:07:F4:8D:17:04:3C:90:C7:9D:21
Validity Mon, 01 May 2023 19:16:04 GMT - Sun, 30 Jul 2023 19:16:03 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRidbascgAO%2FLiCQfKj4JeLs2mt7TQ%2BooQRFhKa0IHpDszOzzjTjmdXMrteJkIiohHo0F86b56QREEXwBxShDbdKSDFcciAHpP4BCNEzchJh%2BC7fe9%2F7Dm%2FeN19u5yfER06Plz4wm1IputCq%2B7XXbgfBldqK1PmwNozan7bDKzU7eCvwu3X%2F9dp7gq2bhYYf%2BH7gB7UlaUVihgtBENR9yHS%2FG9S7fj1s1INWiKH9P3e5B0c98MEJeRaST57YPwghWQXd%2F%2F6acOuZSd98t58rmhmLAd%2F7WK9rU2j0ZzCxHhK9d74N446WfoTRu6eGYQb%2FLsZyQrxHfyDWe%2BcuEQ92z4zGCkIj5k%2BiGFQQqoKkFZi5C8mPCMA4rq9C9%2B9fN7agG2cqnaoTcunxX5DFhFz6%2FXno%2FsGiksPaLaPyTBrtMExKyGEF2auQ5ofINi9AFodg2ReQ%2FBey8HgFur%2Bz6pSB5MeXk7jdjFvCnw%2BjKJgP2532fNcXyXyn2%2BZJHIadThScJiRlBZlUUGIE6i4idx5y6SFPPOSphz4%2FrnVYGEU8anEqGGvESRAlYRJ2KfMT5je7DeRs%2BoYRsnQEpkZgdgup3cK6HMHmP8GtlXB8Di6bEO%2FDzzHgJQpBUDiCghIUkqDICIpBucuVa7jyPlcuj4Pz3jjvzXJsst423TVZT2iynZ6QZ6bheZf%2FvoN1cVxr%2B4zzKKTU78a80fW5CJqdTsfv8jAJE78BJ0tIdwHUediUE%2FLK0w%2BQygl5au9rxPQQTh2CyZdA85dBi3Gn4YOujcPIx6Y%2BELq%2BRp0WhatrkYGbEml2CdmGt61OyAunZ3z10YsQ7CE5LzBbIrUl7sifCXrq3vimKcjOTVM48sNqmsm%2B3KTTE9%2FKaCbmvn1fbBTG8uVrbvTNVTYVpnD%2FI%2BGyFaq51D1HvluUnAu7ZCwT5MGy%2B0TEN3K3tphbnacrN95ZWu6nVjgnja5A5dFnbTA5IXNXd08%2F73N%2FNiBtBZuX6Oczp9JUYOkWXDqbOUNg1YzHqYciL8e2Ec%2BGShIoMeM0LuH%2Bw%2BMZ3nb30LMeaHYXul9iYEsMVAmqRnD5xXGW2odv%2F9o8LcTKG8fKejuxsuqrs2idPK4x5gsaxJ1ACC5aTcbCNovidtIMOyJq8RYyN%2BG3f3vjHwAAAP%2F%2FAQAA%2F%2F%2BBmwKriQQAAA%3D%3D HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: u_pl=19199338; uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 91fd4e6b33e6f50d3f8979d133d14322
Strict-Transport-Security: max-age=0; includeSubdomains
findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=377
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 findingattending.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=377
IP 192.243.59.13:80
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; these digests match any zero-byte body, so they do not identify this resource)
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fvpn%2Fdefault%2Fus%2Fmac%2Fblack%2F2%2Fcss%2Fstyle.css&l=4644&fd=377 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/js/script.js
172.64.167.9 200 OK 189 B URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/js/script.js
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash 070a04d0e3616aeaa6fb029f8f2af992
e2132bbba4d32e9bce75372f3c78994d16e4d660
0ddb83ecd3c2ba5e36e0ad715130196d3fc6cf2eac0c1fc9a2ad587987eebff3
GET /sb/notifications/vpn/default/us/mac/black/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:22 GMT
content-type: application/javascript
last-modified: Wed, 02 Sep 2020 10:55:46 GMT
etag: W/"5f4f7a32-189"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRhyobFRRNd5R%2BK4O%2FNFCBpQMsHUzLz%2BxW8pvyaX1tVHieY93H0nyMbT1E5Jbvl54dbJTGewWpzmeY8kjuUusqJ8ZfIafOvx3zfFG2uLhuhUZs73EcLCMeWdfCEOQpAyPzOswV83Xfaw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125aacf6a7199-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
findingattending.com/pixel/sbs?c=1
173.233.139.164 200 OK 0 B URL GET HTTP/1.1 findingattending.com/pixel/sbs?c=1
IP 173.233.139.164:443
Certificate Issuer Let's Encrypt
Subject findingattending.com
Fingerprint E7:89:CC:29:C7:58:F9:4C:FA:77:07:F4:8D:17:04:3C:90:C7:9D:21
Validity Mon, 01 May 2023 19:16:04 GMT - Sun, 30 Jul 2023 19:16:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; these digests match any zero-byte body, so they do not identify this resource)
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: findingattending.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Cookie: u_pl=19199338; uid_id2=fb63b5e0-4881-4676-90ef-796dfb447781:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2
172.64.167.9 200 OK 43 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type Web Open Font Format (Version 2), TrueType, length 42576, version 1.0\012- data
Hash 2a7d15a301e2045942980e8544ccfbb5
71adf9d8bcff90f86a96b1d21e847bf5d79b3c0e
474b4d7266171e03c8efcd904e8010bd8cb11a068d5e67b5450bc46d768a41e9
GET /sb/notifications/vpn/default/us/mac/black/2/fonts/SFUIDisplay-Regular.woff2 HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 08 May 2023 10:51:23 GMT
content-type: application/octet-stream
content-length: 42576
last-modified: Fri, 29 Jul 2022 12:34:08 GMT
etag: "62e3d3c0-a650"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1m%2BAGwNttYw4U5EYkShY42nEIwnERLspYl3juT9vnypIO5sYlDDS2uPAQ%2F6gtQjlfCiSI%2Bk6MndciboiJUd25ZFbdxOiT5UThcmXd2pbeRJSJ8Olytf%2BGzlSa17rH0d4okQbz9lW6Hdj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125ad8f694133-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.barscreative1.com/sb/notifications/vpn/default/us/mac/black/2/index.html
45.133.44.3 200 OK 1.3 kB URL GET HTTP/2 cdn.barscreative1.com/sb/notifications/vpn/default/us/mac/black/2/index.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint D7:F2:D3:47:0C:43:94:F7:D3:3B:42:E5:1A:61:6E:85:4E:72:C0:25
Validity Thu, 16 Mar 2023 00:04:28 GMT - Wed, 14 Jun 2023 00:04:27 GMT
File type HTML document text\012- HTML document, ASCII text, with very long lines (1401), with no line terminators
Hash 5f893a1b2ebdae2c19df0cb4bd5ecf24
4bba44c8f5a6fa858268bcd208bb327f043b6d0a
0ea0182cdaff5d4386002a3ed51f4d7030c005da6b19199786c1fa144d4ef541
GET /sb/notifications/vpn/default/us/mac/black/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:22 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 02 Sep 2020 10:55:17 GMT
etag: W/"5f4f7a15-523"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 08 May 2023 11:51:22 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/animate.css
172.64.167.9 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/animate.css
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash 80047eaa13ebd50c50e8a9753621e430
9c503e07d130572a0eaf51f7c02cbd4cf6213fe3
3f831a59615f8d5d40b4340b2836f91438c876f8dbce75f78e38360d6fe0f429
GET /sb/notifications/vpn/default/us/mac/black/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:22 GMT
content-type: text/css
last-modified: Wed, 02 Sep 2020 10:55:20 GMT
etag: W/"5f4f7a18-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lsl4PwKt1CEknyMhbu7dmb8Gx6qqP7jK3f9cGkaQ6zzS%2F8kA%2Bm40lxvrHnnhk4KWgjx2j5%2B%2FPMkQorQvncSEuABCsRltA53gFUUKyQ7LVCOmAgS7qmu68YzI%2FaR3S3o%2FoH6FOtdlOTdr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125aacf647199-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=fb63b5e0-4881-4676-90ef-796dfb447781&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=60cdd84aa09bd290de1377709d4f4f02&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=fb63b5e0-4881-4676-90ef-796dfb447781&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=60cdd84aa09bd290de1377709d4f4f02&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP 192.243.59.20:80
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the recorded body is empty although the response below advertises Content-Length: 1, so these digests do not identify this resource)
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=fb63b5e0-4881-4676-90ef-796dfb447781&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=60cdd84aa09bd290de1377709d4f4f02&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 08 May 2023 10:51:23 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21cc764aabbbf6ecec4541a733f816f2
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/style.css
172.64.167.9 200 OK 4.6 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/notifications/vpn/default/us/mac/black/2/css/style.css
IP 172.64.167.9:443
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (4925), with no line terminators
Hash 5a273ffec732a4c81c8b9208965c6bf2
754f504cd29034a66c91ef8c153ffab1f3674a86
26be0b9d0a29efcf61404724d67c707c1b59a334e5bbc5b3bcab7051d70423e7
GET /sb/notifications/vpn/default/us/mac/black/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://en.hasnews.net
DNT: 1
Connection: keep-alive
Referer: http://en.hasnews.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 08 May 2023 10:51:22 GMT
content-type: text/css
last-modified: Fri, 29 Jul 2022 12:34:16 GMT
etag: W/"62e3d3c8-1224"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svty7h9oXFSUrvgJumzOeEcVfCZ2xqENL42481HOcqmISSgMfkVvd6Cvu7jPRnjDanQd73LzKsSA2XGdzJArPSkdNQ%2Fmyt3aml7C4rU6iSs6SJ6I%2FHNi4j%2BBZ44VqlZU9QAyjvlARx8m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c4125aadf777199-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2