Report - news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4

Report Overview

Submitted URL
news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
IP
149.7.16.233
ASN
#63023 AS-GLOBALTELEHOST
Submitted
2023-03-31 13:45:00
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-31T18:12:09Z	333 B	391 B	34.117.237.239
browser.sentry-cdn.com	4393	2018-07-13T13:42:06Z	2023-04-01T05:19:48Z	2.2 kB	103 kB	151.101.194.217
2.news-ziperu.com	unknown	2023-02-08T21:50:22Z	2023-03-29T22:17:38Z	3.7 kB	537 kB	149.7.16.217
4.news-ziperu.com	unknown	2023-02-10T08:25:44Z	2023-03-29T22:17:39Z	3.8 kB	522 kB	149.7.16.217
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-31T18:12:03Z	1.7 kB	3.5 kB	142.250.74.131
eighter.fun	unknown	2023-02-08T21:50:08Z	2023-03-31T09:32:24Z	469 B	1.4 kB	104.21.59.197
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-31T20:23:24Z	422 B	630 B	142.250.74.106
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-31T18:14:44Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-31T18:18:04Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-31T18:13:52Z	606 B	238 B	34.117.65.55
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-31T07:51:33Z	3.3 kB	65 kB	34.120.237.76
1.news-ziperu.com	unknown	2023-02-08T21:50:21Z	2023-03-29T22:17:38Z	4.3 kB	539 kB	149.7.16.217
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-31T20:44:48Z	966 B	33 kB	216.58.207.227
news-donidi.com	unknown	2022-11-29T18:09:51Z	2023-03-31T11:07:01Z	3.1 kB	534 kB	193.108.117.25
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-31T18:12:04Z	2.4 kB	6.2 kB	23.36.76.226
news-ziperu.com	unknown	2023-01-17T14:05:42Z	2023-03-31T09:33:00Z	4.8 kB	554 kB	193.108.118.196
3.news-ziperu.com	unknown	2023-02-08T21:50:26Z	2023-03-29T22:17:39Z	3.3 kB	551 kB	149.7.16.217
l1kbg.webout.life	unknown	2022-06-12T13:18:33Z	2023-03-31T09:32:24Z	2.2 kB	154 kB	136.243.92.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-31 13:44:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-03-31 13:44:52	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-31	medium	news-donidi.com/lands/53/js/device.js	Phishing
2023-03-31	medium	news-donidi.com/revopush.js?v=4	Phishing
2023-03-31	medium	news-donidi.com/lands/53/images/spinning-circles2.svg	Phishing
2023-03-31	medium	news-ziperu.com/revopush.js?v=4	Phishing
2023-03-31	medium	news-ziperu.com/lands/53/images/spinning-circles2.svg	Phishing
2023-03-31	medium	news-ziperu.com/lands/53/js/device.js	Phishing
2023-03-31	medium	news-ziperu.com/sw.js	Phishing
2023-03-31	medium	1.news-ziperu.com/lands/53/images/spinning-circles2.svg	Phishing
2023-03-31	medium	1.news-ziperu.com/lands/53/js/device.js	Phishing
2023-03-31	medium	1.news-ziperu.com/sw.js	Phishing
2023-03-31	medium	2.news-ziperu.com/lands/53/js/device.js	Phishing
2023-03-31	medium	2.news-ziperu.com/sw.js	Phishing
2023-03-31	medium	3.news-ziperu.com/lands/53/images/spinning-circles2.svg	Phishing
2023-03-31	medium	3.news-ziperu.com/lands/53/js/device.js	Phishing
2023-03-31	medium	4.news-ziperu.com/lands/53/images/spinning-circles2.svg	Phishing
2023-03-31	medium	4.news-ziperu.com/lands/53/js/device.js	Phishing
2023-03-31	medium	4.news-ziperu.com/sw.js	Phishing
2023-03-31	medium	eighter.fun/6mdkxB29	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	l1kbg.webout.life/js/jquery.js	87 kB	2023-03-07	2024-04-18
Pretty URL l1kbg.webout.life/js/jquery.js IP 136.243.92.2 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-04-18 08:31:54 Times Seen2963 Hash 378087a64e1394fc51f300bb9c11878c 0c3192b500a4fd550e483cf77a49806a5872185b 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de Loading...

	news-donidi.com/lands/53/js/device.js	7.4 kB	2023-03-07	2024-04-14
Pretty URL news-donidi.com/lands/53/js/device.js IP 193.108.117.25 ASN #61003 GlobalTeleHost Corp. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:25 Last Seen2024-04-14 19:54:14 Times Seen1071 Hash 46ce7a0522431a9a972b55b01bf0c1f1 263694d7c99de62fb4e9f4e9215ec9df92f16dc2 8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033 Loading...

	news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=	432 B	2023-04-01	2023-04-01
Pretty URL news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= IP 193.108.118.196 ASN #61003 GlobalTeleHost Corp. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash d466a0b45735ef13adf8183a0907268a 8fe9a604251abb437a9db93d35fdaed87565cdbf 04765aae7dce414b3aceecb73ce9ebd1f6a60a1aeef4066d3935ca6966cf6ba3 Loading...

	1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=	432 B	2023-04-01	2023-04-01
Pretty URL 1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 1cd1cc63b1d21ba3020deac7dd800d26 bcd8675cf07ed6246012d013c456c8577b17c5b0 c5806087bde5ecbf06ae657343b379b93c1597bc569de01f3cb6e5b2fc7984ee Loading...

	2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=	432 B	2023-04-01	2023-04-01
Pretty URL 2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= IP 149.7.16.217 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 6e09f980f9d657fb8c767d3313ab9afd 66275b51c51da8ba9d854b0129372979147e8269 35ee0f47b4553c74375bd011fab12c8297ddcf57e2273baadd7445866196434e Loading...

	3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=	432 B	2023-04-01	2023-04-01
Pretty URL 3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= IP 149.7.16.217 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 0fee49e91b03148eaf8679629011898f b18b94f5b5a39a0f4a5d7b55655bc22c8929efd8 5c502630168867f569ec02dd5855f8ca8482c9a17a90732a017c74928cdb9117 Loading...

	4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=	432 B	2023-04-01	2023-04-01
Pretty URL 4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 781d1237ff059211a06a5b4671f049d6 d4a2b77913f2c87bb170ae8bad990e69827307d4 63cb3bf045234884d266f3e18e7f85ec1cc21a383acbf50f2d11a888d3510291 Loading...

	news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4	431 B	2023-04-01	2023-04-01
Pretty URL news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4 IP 193.108.117.25 ASN #61003 GlobalTeleHost Corp. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 02301d85c864625c3a105fc09d7ba209 11bc98f0776a21948fceb348cbd7795cab2cdb55 9a4b911bafe155b92caa3c398dc0fa762448b4490225cd0f2356626a3a41641c Loading...

	news-donidi.com/revopush.js?v=4	10 kB	2023-03-09	2024-02-20
Pretty URL news-donidi.com/revopush.js?v=4 IP 193.108.117.25 ASN #61003 GlobalTeleHost Corp. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:48:00 Last Seen2024-02-20 08:46:21 Times Seen5751 Hash fc284a0e5d580856ae4863715ad6733e eb69f303c80ff8e44abc9601b8616c0cf92faafa 2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0 Loading...

	news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4	3.7 kB	2023-03-07	2023-04-05
Pretty URL news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4 IP 193.108.117.25 ASN #61003 GlobalTeleHost Corp. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:38 Last Seen2023-04-05 01:47:52 Times Seen23 Hash e9ac9c581cce652ac833478c3d0e23c8 a709118f044dd45acf74619ae5b9d2ecfa1af452 3cdc1de5cff054c2a93bc4eb8bf772c24decc444d275b7d728a6429d005542f1 Loading...

	l1kbg.webout.life/	3.9 kB	2023-04-01	2023-04-01
Pretty URL l1kbg.webout.life/ IP 136.243.92.2 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:59:23 Last Seen2023-04-01 10:59:23 Times Seen1 Hash 01458247c6ee67e28bc7ed798bbc2eba eff7037ef0ad2afffb6ba990a7c03bf23fec1523 ca0a90edd20fc6332fe0f02c3eed4ad664bf73e0c03a4526eee297644105e430 Loading...

	realrb.bid/pushJs/Ae7lrjHov.js	35 kB	2023-03-13	2023-04-05
Pretty URL realrb.bid/pushJs/Ae7lrjHov.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 21:09:56 Last Seen2023-04-05 01:47:52 Times Seen11 Hash 32b51a63f09be98594de3508c6db2a72 0b22deecc0775c1f5c1f947af76d895ac1a0e596 081519ac0d1effeab47ee34f111d59e75572dc43805980c27bbed6117dbabfca Loading...

HTTP Transactions (81)

URL IP Response Size

news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4

193.108.117.25

200 OK

7.1 kB

URL HTTP/1.1
news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2071)
Size
7.1 kB (7136 bytes)
Hash
9c9f9bdfc442cf0cf288dd9b290dbcff
7700e792d219beefb338a9e5910ce2f5655e0477
bac222343878d6ca6880687d132221b016c935943a8b198762c9fb6186ea8ae6

HTTP Headers

GET /lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:47 GMT; Max-Age=3600; path=/
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7504
Expires: Fri, 31 Mar 2023 15:49:52 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9614
Expires: Fri, 31 Mar 2023 16:25:02 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 13:16:12 GMT
content-type: application/json
age: 1716
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Fri, 31 Mar 2023 14:46:06 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WLvLiyAuavVinPUhOohL0doG9d0gqHelU+ehNxO7Iu5tjE0xN53aCuokLk0CPe/67TnLXo99HWJbfa0UohB2eQ==
x-amz-request-id: VMGSWC7RNRC98964
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 13:03:21 GMT
age: 2487
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

news-donidi.com/lands/53/css/style.css

193.108.117.25

200 OK

6.8 kB

URL HTTP/1.1
news-donidi.com/lands/53/css/style.css
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text
Size
6.8 kB (6750 bytes)
Hash
e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4

HTTP Headers

GET /lands/53/css/style.css HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: text/css
Content-Length: 6750
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1a5e"
Accept-Ranges: bytes

news-donidi.com/lands/53/js/device.js

193.108.117.25

200 OK

7.4 kB

URL HTTP/1.1
news-donidi.com/lands/53/js/device.js
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: application/javascript
Content-Length: 7364
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1cc4"
Accept-Ranges: bytes

news-donidi.com/revopush.js?v=4

193.108.117.25

200 OK

10 kB

URL HTTP/1.1
news-donidi.com/revopush.js?v=4
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text, with very long lines (9954), with no line terminators
Size
10 kB (9954 bytes)
Hash
fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /revopush.js?v=4 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: application/javascript
Content-Length: 9954
Last-Modified: Thu, 15 Dec 2022 09:31:10 GMT
Connection: keep-alive
ETag: "639ae95e-26e2"
Accept-Ranges: bytes

news-donidi.com/lands/53/images/spinning-circles2.svg

193.108.117.25

200 OK

503 B

URL HTTP/1.1
news-donidi.com/lands/53/images/spinning-circles2.svg
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
503 B (503 bytes)
Hash
14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: image/svg+xml
Content-Length: 503
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1f7"
Accept-Ranges: bytes

news-donidi.com/traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53

193.108.117.25

200 OK

48 B

URL HTTP/1.1
news-donidi.com/traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
ee3967fa9cbb786093ab5ab35e33e166
df282d0e02f3d54b038694c8270f88080a2d1c24
d6c4aa081dcd752e5d4d511907fdd040404578833c4cb31dcc299cf22dab8186

HTTP Headers

GET /traffback-reject.php?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4&land=53 HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Connection: keep-alive
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

news-donidi.com/lands/53/images/video.gif

193.108.117.25

200 OK

500 kB

URL HTTP/1.1
news-donidi.com/lands/53/images/video.gif
IP
193.108.117.25:0
ASN
#61003 GlobalTeleHost Corp.

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: news-donidi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-donidi.com/lands/53/?site=8056565&sub1=2biut6kt7q9il&sub2&sub3&sub4
Cookie: clickdata=ODA1NjU2NXw6fDUzfDp8MmJpdXQ2a3Q3cTlpbHw6fHw6fHw6fA%3D%3D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 31 Mar 2023 13:44:48 GMT
Content-Type: image/gif
Content-Length: 500082
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-7a172"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae064c74a3769d42109473ad05d56fb9
d48029ab8568cee6ab7416d3b476ed792d780a56
9852216f395a42f7b4792e852f9f9fa83e07d917a979237d5d7406a1d74edc4f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9852216F395A42F7B4792E852F9F9FA83E07D917A979237D5D7406A1D74EDC4F"
Last-Modified: Wed, 29 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11481
Expires: Fri, 31 Mar 2023 16:56:09 GMT
Date: Fri, 31 Mar 2023 13:44:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Backoff, Last-Modified, Alert, Content-Length, Pragma, Cache-Control, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 13:14:39 GMT
age: 1809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lnlHqRTULdyygEyl1/kFjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AlXMtQ5OZelLZfFprXN+//1XG3s=
Date: Fri, 31 Mar 2023 13:44:48 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

news-ziperu.com/revopush.js?v=4

193.108.118.196

200 OK

10 kB

URL HTTP/2
news-ziperu.com/revopush.js?v=4
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text, with very long lines (9954), with no line terminators
Size
10 kB (9954 bytes)
Hash
fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /revopush.js?v=4 HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:10 GMT
etag: "639ae95e-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive

news-ziperu.com/lands/53/css/style.css

193.108.118.196

200 OK

6.8 kB

URL HTTP/2
news-ziperu.com/lands/53/css/style.css
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text
Size
6.8 kB (6750 bytes)
Hash
e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4

HTTP Headers

GET /lands/53/css/style.css HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

news-ziperu.com/lands/53/images/spinning-circles2.svg

193.108.118.196

200 OK

503 B

URL HTTP/2
news-ziperu.com/lands/53/images/spinning-circles2.svg
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
503 B (503 bytes)
Hash
14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15599
Expires: Fri, 31 Mar 2023 18:04:49 GMT
Date: Fri, 31 Mar 2023 13:44:50 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6380 bytes)
Hash
8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 3paQf8BhyRcZoZNox8660Zyzz0WaiQxJuHmDbj4wpo-rgbDdkxrYgQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:23 GMT
age: 57447
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11061 bytes)
Hash
39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:49:08 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 57342
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6970 bytes)
Hash
e5d955ec5d3a9f655e4ca0523acfd039
e8b2cd28a02a2cee1b4e57c57570f2598721ff57
e7753ef91d6f04dce00f83cb1ba3ea4f1abb52140993fbee375e506597cee529

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6970
x-amzn-requestid: 9f7a82d7-dbba-4c67-a330-6a7f2b68177d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdn3zGn7oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64222031-1d97c16f7a9c163c02fe72ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 23:01:05 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: JMvV8caOiRMRcDrT78aodKrihx7EcnIjnvOfbFIptyCxV-PB0_zfuA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 04:19:18 GMT
age: 33932
etag: "e8b2cd28a02a2cee1b4e57c57570f2598721ff57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=

193.108.118.196

200 OK

13 kB

URL HTTP/2
news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
data
Size
13 kB (12945 bytes)
Hash
0baaea3cb11aa778fad77038e9289131
17675ad1de96e34a6d2021fa6258c55c5e5e21aa
fb0849380713f16d90cdcb1115bb20630dd61eb40e072d58d89279f4a78b3080

HTTP Headers

GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://news-donidi.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:50 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13775 bytes)
Hash
876e5464aba1639f3b07b07d1d694514
93885a6205be71d16187782b1803f53d5c8538cb
6e2b6b15f462922a9e8260f55cfcd94d488d1a48435458db43270ea3b825d8c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F067b6c49-6e52-4dcc-af72-f7292299f912.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13775
x-amzn-requestid: 43d1a1f3-b189-4fcd-a298-429123d1921b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloF9woAMFU4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-13778451622503253ea252eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXA995GxGti4_AzSi9F19ZNvUwm5_ZSBw0BB0lRIfNHcmX7Ajt6bSg==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:46:36 GMT
age: 57494
etag: "93885a6205be71d16187782b1803f53d5c8538cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

news-ziperu.com/lands/53/js/device.js

193.108.118.196

200 OK

7.4 kB

URL HTTP/2
news-ziperu.com/lands/53/js/device.js
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9859 bytes)
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nZfXy-IsoHliuLodEocEZlH-IvmIV9G-noSmSEU1wmuMPfBx3rLJ9w==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 00:11:32 GMT
age: 48798
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

news-ziperu.com/lands/53/images/video.gif

193.108.118.196

200 OK

500 kB

URL HTTP/2
news-ziperu.com/lands/53/images/video.gif
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

news-ziperu.com/sw.js

193.108.118.196

200 OK

4.3 kB

URL HTTP/2
news-ziperu.com/sw.js
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
ASCII text, with very long lines (4286), with no line terminators
Size
4.3 kB (4286 bytes)
Hash
5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 15:11:00 GMT
etag: "63f8d384-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

news-ziperu.com/favicon.ico

193.108.118.196

200 OK

1.2 kB

URL HTTP/2
news-ziperu.com/favicon.ico
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.19.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62031)
Size
20 kB (20174 bytes)
Hash
1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44

HTTP Headers

GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:50 GMT
age: 6320223
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2

1.news-ziperu.com/revopush.js?v=4

149.7.16.217

200 OK

10 kB

URL HTTP/2
1.news-ziperu.com/revopush.js?v=4
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text, with very long lines (9954), with no line terminators
Size
10 kB (9954 bytes)
Hash
fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0

HTTP Headers

GET /revopush.js?v=4 HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:18 GMT
etag: "639ae966-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/lands/53/css/style.css

149.7.16.217

200 OK

6.8 kB

URL HTTP/2
1.news-ziperu.com/lands/53/css/style.css
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text
Size
6.8 kB (6750 bytes)
Hash
e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4

HTTP Headers

GET /lands/53/css/style.css HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/lands/53/images/spinning-circles2.svg

149.7.16.217

200 OK

503 B

URL HTTP/2
1.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
503 B (503 bytes)
Hash
14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/lands/53/js/device.js

149.7.16.217

200 OK

7.4 kB

URL HTTP/2
1.news-ziperu.com/lands/53/js/device.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/sw.js

149.7.16.217

200 OK

4.3 kB

URL HTTP/2
1.news-ziperu.com/sw.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text, with very long lines (4286), with no line terminators
Size
4.3 kB (4286 bytes)
Hash
5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/lands/53/images/video.gif

149.7.16.217

200 OK

500 kB

URL HTTP/2
1.news-ziperu.com/lands/53/images/video.gif
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/favicon.ico

149.7.16.217

200 OK

1.2 kB

URL HTTP/2
1.news-ziperu.com/favicon.ico
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.19.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62031)
Size
20 kB (20174 bytes)
Hash
1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44

HTTP Headers

GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:51 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2

2.news-ziperu.com/revopush.js?v=4

149.7.16.217

200 OK

10 kB

URL HTTP/2
2.news-ziperu.com/revopush.js?v=4
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text, with very long lines (9954), with no line terminators
Size
10 kB (9954 bytes)
Hash
fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0

HTTP Headers

GET /revopush.js?v=4 HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:18 GMT
etag: "639ae966-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

1.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53

149.7.16.217

200 OK

6.8 kB

URL HTTP/2
1.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
data
Size
6.8 kB (6846 bytes)
Hash
6be721bf9da66ed3e5ba9ef44001bd85
6cb0665ec519565ecd917864fa116cc80b16489f
a0e6d8e8ac6cb38c58318993257b82fec78756f45f87664d914c875c092e616e

HTTP Headers

GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 1.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=

149.7.16.217

200 OK

7.6 kB

URL HTTP/2
2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
data
Size
7.6 kB (7641 bytes)
Hash
fb340393b0e8a92d676abb18479c6a12
de017a7362c2919de131f99244d6337c72b58df9
e6f3eea26ef1f29281b040f3be15f7ba799534eca2feacdad3caada51ef51745

HTTP Headers

GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-ziperu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:51 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

2.news-ziperu.com/lands/53/images/video.gif

149.7.16.217

200 OK

500 kB

URL HTTP/2
2.news-ziperu.com/lands/53/images/video.gif
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

2.news-ziperu.com/lands/53/js/device.js

149.7.16.217

200 OK

7.4 kB

URL HTTP/2
2.news-ziperu.com/lands/53/js/device.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

2.news-ziperu.com/sw.js

149.7.16.217

200 OK

4.3 kB

URL HTTP/2
2.news-ziperu.com/sw.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text, with very long lines (4286), with no line terminators
Size
4.3 kB (4286 bytes)
Hash
5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

2.news-ziperu.com/favicon.ico

149.7.16.217

200 OK

1.2 kB

URL HTTP/2
2.news-ziperu.com/favicon.ico
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:51 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.19.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62031)
Size
20 kB (20174 bytes)
Hash
1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44

HTTP Headers

GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:51 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2

3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=

149.7.16.217

200 OK

17 kB

URL HTTP/2
3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
data
Size
17 kB (17095 bytes)
Hash
2ce3798636e7acb5f1bc822652dcec90
52374a491f49134e2312c04fac669d1433ee6a8f
d619649ac856dc45816df95f597cf0318aba042a13a30522c816c4cfa2a721b3

HTTP Headers

GET /lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4= HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-ziperu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D; expires=Fri, 31-Mar-2023 14:44:52 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2

3.news-ziperu.com/lands/53/css/style.css

149.7.16.217

200 OK

6.8 kB

URL HTTP/2
3.news-ziperu.com/lands/53/css/style.css
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text
Size
6.8 kB (6750 bytes)
Hash
e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4

HTTP Headers

GET /lands/53/css/style.css HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

3.news-ziperu.com/lands/53/images/spinning-circles2.svg

149.7.16.217

200 OK

503 B

URL HTTP/2
3.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
503 B (503 bytes)
Hash
14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

3.news-ziperu.com/lands/53/images/video.gif

149.7.16.217

200 OK

500 kB

URL HTTP/2
3.news-ziperu.com/lands/53/images/video.gif
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

3.news-ziperu.com/lands/53/js/device.js

149.7.16.217

200 OK

7.4 kB

URL HTTP/2
3.news-ziperu.com/lands/53/js/device.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

2.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53

149.7.16.217

200 OK

4.4 kB

URL HTTP/2
2.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
data
Size
4.4 kB (4382 bytes)
Hash
835de90ed531f956e6eb79d286ca5092
10240fdcdb1faf02827b72a2b3b51c95b48c86b3
ac339323bcd5056ef8a256126c311ae36ab303aa9c8b5efe70c13926c1088e8a

HTTP Headers

GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 2.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53

193.108.118.196

200 OK

8.4 kB

URL HTTP/2
news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP
193.108.118.196:0
ASN
#61003 GlobalTeleHost Corp.

File type
data
Size
8.4 kB (8386 bytes)
Hash
56624580ba0895d631c45767867e6487
51b04bc6ed7fedc348a7d4cb20c2b9ffa7c6bf34
874bfe728ae2234889f636414bfc90c32a6b4eb86b130d8b14f89bc2b2c273fa

HTTP Headers

GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.19.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62031)
Size
20 kB (20174 bytes)
Hash
1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44

HTTP Headers

GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:52 GMT
age: 6320224
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2

3.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53

149.7.16.217

200 OK

17 kB

URL HTTP/2
3.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
data
Size
17 kB (17189 bytes)
Hash
13d4e0a1e1c16b4870444bf151d03022
7da93902502603da449494d0ef722bcf0ce2ae55
6c91ed4850bf43dd0b2dd4a606e566c103729cf1560e809e78fa95c66c9d19ed

HTTP Headers

GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 3.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

4.news-ziperu.com/lands/53/css/style.css

149.7.16.217

200 OK

6.8 kB

URL HTTP/2
4.news-ziperu.com/lands/53/css/style.css
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text
Size
6.8 kB (6750 bytes)
Hash
e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4

HTTP Headers

GET /lands/53/css/style.css HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

4.news-ziperu.com/lands/53/images/spinning-circles2.svg

149.7.16.217

200 OK

503 B

URL HTTP/2
4.news-ziperu.com/lands/53/images/spinning-circles2.svg
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
503 B (503 bytes)
Hash
14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

4.news-ziperu.com/lands/53/images/video.gif

149.7.16.217

200 OK

500 kB

URL HTTP/2
4.news-ziperu.com/lands/53/images/video.gif
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
GIF image data, version 89a, 320 x 180\012- data
Size
500 kB (500082 bytes)
Hash
2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433

HTTP Headers

GET /lands/53/images/video.gif HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

4.news-ziperu.com/lands/53/js/device.js

149.7.16.217

200 OK

7.4 kB

URL HTTP/2
4.news-ziperu.com/lands/53/js/device.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
HTML document, ASCII text
Size
7.4 kB (7364 bytes)
Hash
46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /lands/53/js/device.js HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

4.news-ziperu.com/sw.js

149.7.16.217

200 OK

4.3 kB

URL HTTP/2
4.news-ziperu.com/sw.js
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
ASCII text, with very long lines (4286), with no line terminators
Size
4.3 kB (4286 bytes)
Hash
5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:29 GMT
etag: "63f8e0c1-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

4.news-ziperu.com/favicon.ico

149.7.16.217

200 OK

1.2 kB

URL HTTP/2
4.news-ziperu.com/favicon.ico
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.19.0/bundle.es5.min.js

151.101.194.217

200 OK

20 kB

URL HTTP/2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP
151.101.194.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (62031)
Size
20 kB (20174 bytes)
Hash
1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44

HTTP Headers

GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-ziperu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 31 Mar 2023 13:44:52 GMT
age: 6320225
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2

l1kbg.webout.life/

136.243.92.2

200 OK

1.6 kB

URL HTTP/2
l1kbg.webout.life/
IP
136.243.92.2:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.6 kB (1563 bytes)
Hash
67c4a8a84684c5023da1903f9c25808c
dac8aa65f59ccb01aaf2686a051c6fef70dddcfd
2ab6f87d5d49e4e154c64d12916f1918fc55503cffead114a2401a8378a3c65b

HTTP Headers

GET / HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-ziperu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/html; charset=UTF-8
content-length: 1563
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7117d0725779b203269d6c54c3ccedcf
24f4e806fd15c39484288a88c67117c918ce0829
ecfdfee4723c973d404d5e580a8cead357de755354328bfa40c1041350a76504

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l1kbg.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:10 GMT
expires: Wed, 27 Mar 2024 10:31:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 270823
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://l1kbg.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:23 GMT
expires: Wed, 27 Mar 2024 10:31:23 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 270810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l1kbg.webout.life/images/simple/adult/background.jpg

136.243.92.2

200 OK

151 kB

URL HTTP/2
l1kbg.webout.life/images/simple/adult/background.jpg
IP
136.243.92.2:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=2667, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=4000], baseline, precision 8, 4000x2667, components 3\012- data
Size
151 kB (151270 bytes)
Hash
d06243db5eaed3c22dd6794f0384be16
752c841153c3fc67482180d49c8492021def9817
9f4e5aae6461b0d857a26e03d10a44ccc41db096b257a33c5c58f6961b32ad30

HTTP Headers

GET /images/simple/adult/background.jpg HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/css/simple/adult.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: image/jpeg
content-length: 151270
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: "6242f359-24ee6"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bf29feb5d124115ffaf0b00e89ab0309
693d2ad3694d3171af6545ef4758855127b2e669
40c67d04ae6c3d13fd0a77cf0c804660a5498d0c24425162f8e21c86d9e85eb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 13:44:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

l1kbg.webout.life/site/set-cache

136.243.92.2

200 OK

1 B

URL HTTP/2
l1kbg.webout.life/site/set-cache
IP
136.243.92.2:0
ASN
#24940 Hetzner Online GmbH

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /site/set-cache HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://l1kbg.webout.life/
Content-Type: application/json
Origin: https://l1kbg.webout.life
Content-Length: 226
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/html; charset=UTF-8
content-length: 1
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10490 bytes)
Hash
0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: AdbJgoCBGJGvjP53lBj3_GWyuRF8O_fgNTPPEjUmFmyRxMQl2pgTzw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:54:29 GMT
age: 57028
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

eighter.fun/6mdkxB29

104.21.59.197

302 Found

0 B

URL HTTP/2
eighter.fun/6mdkxB29
IP
104.21.59.197:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /6mdkxB29 HTTP/1.1
Host: eighter.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news-donidi.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 31 Mar 2023 13:44:48 GMT
content-type: text/html; charset=UTF-8
location: https://news-ziperu.com/tds.php?sid=8060051&p1=s8hnpa108pvu1&domain=news-ziperu.com
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Fri, 31 Mar 2023 13:44:48 GMT
pragma: no-cache
set-cookie: _subid=s8hnpa108pvu1;Expires=Monday, 01-May-2023 13:44:48 GMT;Max-Age=2678400;Path=/
_token=uuid_s8hnpa108pvu1_s8hnpa108pvu16426e3d0acd461.65399676;Expires=Monday, 01-May-2023 13:44:48 GMT;Max-Age=2678400;Path=/
330d8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwNjVcIjoxNjgwMjcwMjg4fSxcImNhbXBhaWduc1wiOntcIjIzMFwiOjE2ODAyNzAyODh9LFwidGltZVwiOjE2ODAyNzAyODh9In0.7ExX7cn1_jQifMHirFIC6qcnkGcaBA_OFnptYRGgCV8;Expires=Monday, 29-Jun-2076 03:29:36 GMT;Max-Age=1680356688;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hg9mqLR4jZVHrtwzrd%2BrQzWulxhuGWDHK06IBrH9SGi8WSZzgR16P7AER8pRAwGtkFvku3FRwPISWDNeDduEMood%2B8R3vMv63Wi54nXOUKmH1sDdVQ1c8%2BUTdPC2zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b090777ef1ab4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

4.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53

149.7.16.217

200 OK

0 B

URL HTTP/2
4.news-ziperu.com/traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53
IP
149.7.16.217:0
ASN
#63023 AS-GLOBALTELEHOST

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /traffback.php?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=&land=53 HTTP/1.1
Host: 4.news-ziperu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-ziperu.com/lands/53/?site=8060051&sub1=s8hnpa108pvu1&sub2=&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA1MXw6fDUzfDp8czhobnBhMTA4cHZ1MXw6fHw6fHw6fA%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:52 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

l1kbg.webout.life/css/simple/adult.css

136.243.92.2

200 OK

0 B

URL HTTP/2
l1kbg.webout.life/css/simple/adult.css
IP
136.243.92.2:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/simple/adult.css HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: text/css
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-db2"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2

l1kbg.webout.life/js/jquery.js

136.243.92.2

200 OK

0 B

URL HTTP/2
l1kbg.webout.life/js/jquery.js
IP
136.243.92.2:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: l1kbg.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 13:44:53 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-15391"
expires: Mon, 03 Apr 2023 13:44:53 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l1kbg.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 13:44:53 GMT
date: Fri, 31 Mar 2023 13:44:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML