news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
193.108.117.25 200 OK 7.1 kB URL HTTP/1.1 news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document text
- exported SGML document, Unicode text, UTF-8 text, with very long lines (2071)
Hash 9c9f9bdfc442cf0cf288dd9b290dbcff
7700e792d219beefb338a9e5910ce2f5655e0477
bac222343878d6ca6880687d132221b016c935943a8b198762c9fb6186ea8ae6
GET /lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:47 GMT; Max-Age=3600; path=/
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7504
Expires: Fri, 31 Mar 2023 15:49:52 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9614
Expires: Fri, 31 Mar 2023 16:25:02 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 13:16:12 GMT
content-type: application/json
age: 1716
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Fri, 31 Mar 2023 14:46:06 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate
- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WLvLiyAuavVinPUhOohL0doG9d0gqHelU+ehNxO7Iu5tjE0xN53aCuokLk0CPe/67TnLXo99HWJbfa0UohB2eQ==
x-amz-request-id: VMGSWC7RNRC98964
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 13:03:21 GMT
age: 2487
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
news-donidi.com/lands/53/css/style.css
193.108.117.25 200 OK 6.8 kB URL HTTP/1.1 news-donidi.com/lands/53/css/style.css
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: text/css
Content-Length: 6750
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1a5e"
Accept-Ranges: bytes
news-donidi.com/lands/53/js/device.js
193.108.117.25 200 OK 7.4 kB URL HTTP/1.1 news-donidi.com/lands/53/js/device.js
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: application/javascript
Content-Length: 7364
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1cc4"
Accept-Ranges: bytes
news-donidi.com/revopush.js?v=4
193.108.117.25 200 OK 10 kB URL HTTP/1.1 news-donidi.com/revopush.js?v=4
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
Analyzer Verdict Alert fortinet Phishing
GET /revopush.js?v=4 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: application/javascript
Content-Length: 9954
Last-Modified: Thu, 15 Dec 2022 09:31:10 GMT
Connection: keep-alive
ETag: "639ae95e-26e2"
Accept-Ranges: bytes
news-donidi.com/lands/53/images/spinning-circles2.svg
193.108.117.25 200 OK 503 B URL HTTP/1.1 news-donidi.com/lands/53/images/spinning-circles2.svg
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image
- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: image/svg+xml
Content-Length: 503
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1f7"
Accept-Ranges: bytes
news-donidi.com/traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53
193.108.117.25 200 OK 48 B URL HTTP/1.1 news-donidi.com/traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with no line terminators
Hash ee3967fa9cbb786093ab5ab35e33e166
df282d0e02f3d54b038694c8270f88080a2d1c24
d6c4aa081dcd752e5d4d511907fdd040404578833c4cb31dcc299cf22dab8186
GET /traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Connection: keep-alive
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
news-donidi.com/lands/53/images/video.gif
193.108.117.25 200 OK 500 kB URL HTTP/1.1 news-donidi.com/lands/53/images/video.gif
IP 193.108.117.25:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180
- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: image/gif
Content-Length: 500082
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-7a172"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae064c74a3769d42109473ad05d56fb9
d48029ab8568cee6ab7416d3b476ed792d780a56
9852216f395a42f7b4792e852f9f9fa83e07d917a979237d5d7406a1d74edc4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9852216F395A42F7B4792E852F9F9FA83E07D917A979237D5D7406A1D74EDC4F"
Last-Modified: Wed, 29 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11481
Expires: Fri, 31 Mar 2023 16:56:09 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Backoff, Last-Modified, Alert, Content-Length, Pragma, Cache-Control, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 13:14:39 GMT
age: 1809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lnlHqRTULdyygEyl1/kFjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AlXMtQ5OZelLZfFprXN+//1XG3s=
Date: Fri, 31 Mar 2023 13:44:48 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
news-ziperu.com/revopush.js?v=4
193.108.118.196 200 OK 10 kB URL HTTP/2 news-ziperu.com/revopush.js?v=4
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
Analyzer Verdict Alert fortinet Phishing
GET /revopush.js?v=4 HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:10 GMT
etag: "639ae95e-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive
news-ziperu.com/lands/53/css/style.css
193.108.118.196 200 OK 6.8 kB URL HTTP/2 news-ziperu.com/lands/53/css/style.css
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ziperu.com/lands/53/images/spinning-circles2.svg
193.108.118.196 200 OK 503 B URL HTTP/2 news-ziperu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image
- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3paQf8BhyRcZoZNox8660Zyzz0WaiQxJuHmDbj4wpo-rgbDdkxrYgQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:23 GMT
age: 57447
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:49:08 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 57342
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash e5d955ec5d3a9f655e4ca0523acfd039
e8b2cd28a02a2cee1b4e57c57570f2598721ff57
e7753ef91d6f04dce00f83cb1ba3ea4f1abb52140993fbee375e506597cee529
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6970
x-amzn-requestid: 9f7a82d7-dbba-4c67-a330-6a7f2b68177d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdn3zGn7oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64222031-1d97c16f7a9c163c02fe72ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 23:01:05 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JMvV8caOiRMRcDrT78aodKrihx7EcnIjnvOfbFIptyCxV-PB0_zfuA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 04:19:18 GMT
age: 33932
etag: "e8b2cd28a02a2cee1b4e57c57570f2598721ff57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
193.108.118.196 200 OK 13 kB URL HTTP/2 news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
Hash 0baaea3cb11aa778fad77038e9289131
17675ad1de96e34a6d2021fa6258c55c5e5e21aa
fb0849380713f16d90cdcb1115bb20630dd61eb40e072d58d89279f4a78b3080
GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://news-donidi.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:50 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 876e5464aba1639f3b07b07d1d694514
93885a6205be71d16187782b1803f53d5c8538cb
6e2b6b15f462922a9e8260f55cfcd94d488d1a48435458db43270ea3b825d8c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13775
x-amzn-requestid: 43d1a1f3-b189-4fcd-a298-429123d1921b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloF9woAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-13778451622503253ea252eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXA995GxGti4_AzSi9F19ZNvUwm5_ZSBw0BB0lRIfNHcmX7Ajt6bSg==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:36 GMT
age: 57494
etag: "93885a6205be71d16187782b1803f53d5c8538cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
news-ziperu.com/lands/53/js/device.js
193.108.118.196 200 OK 7.4 kB URL HTTP/2 news-ziperu.com/lands/53/js/device.js
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 00:11:32 GMT
age: 48798
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
news-ziperu.com/lands/53/images/video.gif
193.108.118.196 200 OK 500 kB URL HTTP/2 news-ziperu.com/lands/53/images/video.gif
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180; data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ziperu.com/sw.js
193.108.118.196 200 OK 4.3 kB IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 15:11:00 GMT
etag: "63f8d384-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-ziperu.com/favicon.ico
193.108.118.196 200 OK 1.2 kB URL HTTP/2 news-ziperu.com/favicon.ico
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.194.217 200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.194.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:50 GMT
age: 6320223
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
1.news-ziperu.com/revopush.js?v=4
149.7.16.217 200 OK 10 kB URL HTTP/2 1.news-ziperu.com/revopush.js?v=4
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:18 GMT
etag: "639ae966-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/lands/53/css/style.css
149.7.16.217 200 OK 6.8 kB URL HTTP/2 1.news-ziperu.com/lands/53/css/style.css
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/lands/53/images/spinning-circles2.svg
149.7.16.217 200 OK 503 B URL HTTP/2 1.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type SVG Scalable Vector Graphics image; ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/lands/53/js/device.js
149.7.16.217 200 OK 7.4 kB URL HTTP/2 1.news-ziperu.com/lands/53/js/device.js
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/sw.js
149.7.16.217 200 OK 4.3 kB IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/lands/53/images/video.gif
149.7.16.217 200 OK 500 kB URL HTTP/2 1.news-ziperu.com/lands/53/images/video.gif
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 320 x 180; data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/favicon.ico
149.7.16.217 200 OK 1.2 kB URL HTTP/2 1.news-ziperu.com/favicon.ico
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.194.217 200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.194.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:51 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
2.news-ziperu.com/revopush.js?v=4
149.7.16.217 200 OK 10 kB URL HTTP/2 2.news-ziperu.com/revopush.js?v=4
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:18 GMT
etag: "639ae966-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
149.7.16.217 200 OK 6.8 kB URL HTTP/2 1.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash 6be721bf9da66ed3e5ba9ef44001bd85
6cb0665ec519565ecd917864fa116cc80b16489f
a0e6d8e8ac6cb38c58318993257b82fec78756f45f87664d914c875c092e616e
GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
149.7.16.217 200 OK 7.6 kB URL HTTP/2 2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash fb340393b0e8a92d676abb18479c6a12
de017a7362c2919de131f99244d6337c72b58df9
e6f3eea26ef1f29281b040f3be15f7ba799534eca2feacdad3caada51ef51745
GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:51 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
2.news-ziperu.com/lands/53/images/video.gif
149.7.16.217 200 OK 500 kB URL HTTP/2 2.news-ziperu.com/lands/53/images/video.gif
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 320 x 180; data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ziperu.com/lands/53/js/device.js
149.7.16.217 200 OK 7.4 kB URL HTTP/2 2.news-ziperu.com/lands/53/js/device.js
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ziperu.com/sw.js
149.7.16.217 200 OK 4.3 kB IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ziperu.com/favicon.ico
149.7.16.217 200 OK 1.2 kB URL HTTP/2 2.news-ziperu.com/favicon.ico
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.194.217 200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.194.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:51 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
149.7.16.217 200 OK 17 kB URL HTTP/2 3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash 2ce3798636e7acb5f1bc822652dcec90
52374a491f49134e2312c04fac669d1433ee6a8f
d619649ac856dc45816df95f597cf0318aba042a13a30522c816c4cfa2a721b3
GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:52 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
3.news-ziperu.com/lands/53/css/style.css
149.7.16.217 200 OK 6.8 kB URL HTTP/2 3.news-ziperu.com/lands/53/css/style.css
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-ziperu.com/lands/53/images/spinning-circles2.svg
149.7.16.217200 OK 503 B URL HTTP/2 3.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-ziperu.com/lands/53/images/video.gif
149.7.16.217200 OK 500 kB URL HTTP/2 3.news-ziperu.com/lands/53/images/video.gif
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-ziperu.com/lands/53/js/device.js
149.7.16.217200 OK 7.4 kB URL HTTP/2 3.news-ziperu.com/lands/53/js/device.js
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
149.7.16.217200 OK 4.4 kB URL HTTP/2 2.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash 835de90ed531f956e6eb79d286ca5092
10240fdcdb1faf02827b72a2b3b51c95b48c86b3
ac339323bcd5056ef8a256126c311ae36ab303aa9c8b5efe70c13926c1088e8a
GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
193.108.118.196200 OK 8.4 kB URL HTTP/2 news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
Hash 56624580ba0895d631c45767867e6487
51b04bc6ed7fedc348a7d4cb20c2b9ffa7c6bf34
874bfe728ae2234889f636414bfc90c32a6b4eb86b130d8b14f89bc2b2c273fa
GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.194.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.194.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:52 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
3.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
149.7.16.217200 OK 17 kB URL HTTP/2 3.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash 13d4e0a1e1c16b4870444bf151d03022
7da93902502603da449494d0ef722bcf0ce2ae55
6c91ed4850bf43dd0b2dd4a606e566c103729cf1560e809e78fa95c66c9d19ed
GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
4.news-ziperu.com/lands/53/css/style.css
149.7.16.217200 OK 6.8 kB URL HTTP/2 4.news-ziperu.com/lands/53/css/style.css
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-ziperu.com/lands/53/images/spinning-circles2.svg
149.7.16.217200 OK 503 B URL HTTP/2 4.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-ziperu.com/lands/53/images/video.gif
149.7.16.217200 OK 500 kB URL HTTP/2 4.news-ziperu.com/lands/53/images/video.gif
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-ziperu.com/lands/53/js/device.js
149.7.16.217200 OK 7.4 kB URL HTTP/2 4.news-ziperu.com/lands/53/js/device.js
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-ziperu.com/sw.js
149.7.16.217200 OK 4.3 kB IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-ziperu.com/favicon.ico
149.7.16.217200 OK 1.2 kB URL HTTP/2 4.news-ziperu.com/favicon.ico
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.194.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.194.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:52 GMT
age: 6320225
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
l1kbg.webout.life/
136.243.92.2200 OK 1.6 kB IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 67c4a8a84684c5023da1903f9c25808c
dac8aa65f59ccb01aaf2686a051c6fef70dddcfd
2ab6f87d5d49e4e154c64d12916f1918fc55503cffead114a2401a8378a3c65b
GET / HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-ziperu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/html; charset=UTF-8
content-length: 1563
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l1kbg.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:10 GMT
expires: Wed, 27 Mar 2024 10:31:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 270823
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l1kbg.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:23 GMT
expires: Wed, 27 Mar 2024 10:31:23 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 270810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
l1kbg.webout.life/images/simple/adult/background.jpg
136.243.92.2200 OK 151 kB URL HTTP/2 l1kbg.webout.life/images/simple/adult/background.jpg
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=2667, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=4000], baseline, precision 8, 4000x2667, components 3\012- data
Size 151 kB (151270 bytes)
Hash d06243db5eaed3c22dd6794f0384be16
752c841153c3fc67482180d49c8492021def9817
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30
GET /images/simple/adult/background.jpg HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/css/simple/adult.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: image/jpeg
content-length: 151270
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: "6242f359-24ee6"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
l1kbg.webout.life/site/set-cache
136.243.92.2200 OK 1 B URL HTTP/2 l1kbg.webout.life/site/set-cache
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /site/set-cache HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l1kbg.webout.life/
Content-Type: application/json
Origin: https://l1kbg.webout.life
Content-Length: 226
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/html; charset=UTF-8
content-length: 1
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AdbJgoCBGJGvjP53lBj3_GWyuRF8O_fgNTPPEjUmFmyRxMQl2pgTzw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:54:29 GMT
age: 57028
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
eighter.fun/6mdkxB29
104.21.59.197302 Found 0 B IP 104.21.59.197:0
Analyzer Verdict Alert fortinet Malware
GET /6mdkxB29 HTTP/1.1
Host: eighter.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news-donidi.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 31 Mar 2023 13:44:48 GMT
content-type: text/html; charset=UTF-8
location: https://news-ziperu.com/tds.php?sid=8060051&p1=s8hnpa108pvu1&domain=news-ziperu.com
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Fri, 31 Mar 2023 13:44:48 GMT
pragma: no-cache
set-cookie: _subid=s8hnpa108pvu1;Expires=Monday, 01-May-2023 13:44:48 GMT;Max-Age=2678400;Path=/
_token=uuid_s8hnpa108pvu1_s8hnpa108pvu16426e3d0acd461.65399676;Expires=Monday, 01-May-2023 13:44:48 GMT;Max-Age=2678400;Path=/
330d8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwNjVcIjoxNjgwMjcwMjg4fSxcImNhbXBhaWduc1wiOntcIjIzMFwiOjE2ODAyNzAyODh9LFwidGltZVwiOjE2ODAyNzAyODh9In0.7ExX7cn1_jQifMHirFIC6qcnkGcaBA_OFnptYRGgCV8;Expires=Monday, 29-Jun-2076 03:29:36 GMT;Max-Age=1680356688;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hg9mqLR4jZVHrtwzrd%2BrQzWulxhuGWDHK06IBrH9SGi8WSZzgR16P7AER8pRAwGtkFvku3FRwPISWDNeDduEMood%2B8R3vMv63Wi54nXOUKmH1sDdVQ1c8%2BUTdPC2zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b090777ef1ab4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
149.7.16.217200 OK 0 B URL HTTP/2 4.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP 149.7.16.217:0
ASN #63023 AS-GLOBALTELEHOST
GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
l1kbg.webout.life/css/simple/adult.css
136.243.92.2200 OK 0 B URL HTTP/2 l1kbg.webout.life/css/simple/adult.css
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
GET /css/simple/adult.css HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/css
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-db2"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2
l1kbg.webout.life/js/jquery.js
136.243.92.2200 OK 0 B URL HTTP/2 l1kbg.webout.life/js/jquery.js
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
GET /js/jquery.js HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-15391"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
IP 142.250.74.106:0
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 13:44:53 GMT
date: Fri, 31 Mar 2023 13:44:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2