newssites4k.onepage.me/
301 Moved Permanently 175 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET / HTTP/1.1
Host: newssites4k.onepage.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Sat, 05 Nov 2022 03:44:50 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://newssites4k.onepage.me/
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7225
Expires: Sat, 05 Nov 2022 05:45:15 GMT
Date: Sat, 05 Nov 2022 03:44:50 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2442
Cache-Control: max-age=109617
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:50 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:11:47 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6578
Expires: Sat, 05 Nov 2022 05:34:28 GMT
Date: Sat, 05 Nov 2022 03:44:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: gfNFjs4nUZ+JIECBA5gU+JzC1vKcXVYiXQ4mE6vI9HCiVd7aAtljpT409bUG8MhwsaJIF+I5xPw=
x-amz-request-id: R7Z13MDHMMS8B4Z8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 03:09:51 GMT
age: 2099
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 03:44:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 0f757102dc5c0d9f6c2f484734a2d146
9f615dc7a618e1fc953a1341dfee393963924303
f1cc78b7683cd2ad140c9f74b3fa55543ef84543ee8ceb59a74c7e3ab7ed95ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=157222
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:50 GMT
Etag: "63659f58-1d7"
Expires: Sun, 06 Nov 2022 23:25:12 GMT
Last-Modified: Fri, 04 Nov 2022 23:25:12 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3bb80fc5817f971a55873e183f607350
bb71f0106a1e007c58db66e8e935e6676a2290a7
5097cc87d9f786ac2aa5741e9fa52b428be20cbfbdb8eacc5d7ea9550c109f38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2144
Cache-Control: max-age=103165
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:50 GMT
Etag: "6364c3cf-1d7"
Expires: Sun, 06 Nov 2022 08:24:15 GMT
Last-Modified: Fri, 04 Nov 2022 07:48:31 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3bb80fc5817f971a55873e183f607350
bb71f0106a1e007c58db66e8e935e6676a2290a7
5097cc87d9f786ac2aa5741e9fa52b428be20cbfbdb8eacc5d7ea9550c109f38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101021
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:50 GMT
Etag: "6364c3cf-1d7"
Expires: Sun, 06 Nov 2022 07:48:31 GMT
Last-Modified: Fri, 04 Nov 2022 07:48:31 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3bb80fc5817f971a55873e183f607350
bb71f0106a1e007c58db66e8e935e6676a2290a7
5097cc87d9f786ac2aa5741e9fa52b428be20cbfbdb8eacc5d7ea9550c109f38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101021
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:50 GMT
Etag: "6364c3cf-1d7"
Expires: Sun, 06 Nov 2022 07:48:31 GMT
Last-Modified: Fri, 04 Nov 2022 07:48:31 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3bb80fc5817f971a55873e183f607350
bb71f0106a1e007c58db66e8e935e6676a2290a7
5097cc87d9f786ac2aa5741e9fa52b428be20cbfbdb8eacc5d7ea9550c109f38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101020
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:51 GMT
Etag: "6364c3cf-1d7"
Expires: Sun, 06 Nov 2022 07:48:31 GMT
Last-Modified: Fri, 04 Nov 2022 07:48:31 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3bb80fc5817f971a55873e183f607350
bb71f0106a1e007c58db66e8e935e6676a2290a7
5097cc87d9f786ac2aa5741e9fa52b428be20cbfbdb8eacc5d7ea9550c109f38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=101020
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:51 GMT
Etag: "6364c3cf-1d7"
Expires: Sun, 06 Nov 2022 07:48:31 GMT
Last-Modified: Fri, 04 Nov 2022 07:48:31 GMT
Server: nginx
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5568
Cache-Control: max-age=107684
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 03:44:51 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 09:39:35 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
static.onepage.io/b/client/1666176905872/modern/js/bootstrap.bundle.js
200 OK 222 kB URL HTTP/2 static.onepage.io/b/client/1666176905872/modern/js/bootstrap.bundle.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 222 kB (221641 bytes)
Hash 4e843afb969faff2933a9ee755d0f956
ee699ba7db27953425627d1505fdaf9d374c0012
59575f6e873bdfbffc8dc4dd5cab11b00f19b55933fe2c5bf2abaabfc6ccd514
GET /b/client/1666176905872/modern/js/bootstrap.bundle.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=898055
etag: W/"3a6350835ea8b9234b119ee848de2a2d"
last-modified: Wed, 19 Oct 2022 11:00:22 GMT
x-amz-id-2: VUKw1m1hr1htTHiQkcJV9fIGOBPjxFh24pyPHjFuk3OmkcdsXw9ekMKYRJDt4oOhZtXVpgqLS5M=
x-amz-request-id: BQS6AFQ1Y827WJ4M
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1440301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t7ZblKRKoVbelyJYyAei3iZNmcEvUZVa4Iw%2BJxxiKzZE76uHMs0pKTu9Nnj2orchHr9HVrBLVz0afYj1iAa591AzxY2JZoNMeD2T1vBTV%2BsPkxKUb%2BpxGnvaUGtSmxV5j8h6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297de9faeb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b881ad6b945af460cec27029e5b08997
6b9312a0462238f2fe14ca87486f3daa315dd91e
ff7de7a52e6f5f91ae643642b802615d22304c870d9e63e46a747630a535066e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FF7DE7A52E6F5F91AE643642B802615D22304C870D9E63E46A747630A535066E"
Last-Modified: Fri, 04 Nov 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 05 Nov 2022 09:44:51 GMT
Date: Sat, 05 Nov 2022 03:44:51 GMT
Connection: keep-alive
static.onepage.io/umd/react-dom/experimental/react-dom.production.min.js
200 OK 43 kB URL HTTP/2 static.onepage.io/umd/react-dom/experimental/react-dom.production.min.js
IP
File type ASCII text, with very long lines (732)
Hash 69f811d1017428abe3f727aa7e2a2895
0976db0dc77d37facfd70f6fe3217d46a5f743f3
9e855f04a689d467204c33325fc8620d1ef373c5316aa0ecf9767e6f7226f942
GET /umd/react-dom/experimental/react-dom.production.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: application/javascript
x-amz-id-2: hhGTrzIcLSj4nU+YgappD9E7nh4qEeQTNvv9zJGVsit3khNouIisOjTrY1A7wAmLkaOeuvyNiBy4Y8yWJJQouQ==
x-amz-request-id: 5SJ3EPKRSEWN3Z2F
last-modified: Mon, 21 Dec 2020 12:33:00 GMT
etag: W/"5847db660713a8c221c220cfac3c0852"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1865833
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKr8gFycTbzlo565Rx0qF44M0Po6mnbk5%2Ft%2BR2QE6H1htcrIZDLpVGKDO3gVHhOx72I4Dns9YKQYH2jXdXnd%2B5izDR5T2xt5yYg35z%2FZ%2FITTkY%2BvIfvGKErTE1V%2BGTjwL7I8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297decfc8b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3SENJuLzdkiRHoWbCAanew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZEb8XWZ0UZuTNTHALQGh6EvwnJE=
mxsites4k.com/?api=1&lan=twthk&ht=2&counter0=aury1991
200 OK 512 kB URL HTTP/1.1 mxsites4k.com/?api=1&lan=twthk&ht=2&counter0=aury1991
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63717), with CRLF line terminators
Size 512 kB (512224 bytes)
Hash 41618008088cafc16ce101867aa1a29d
e8b983c2f220867c3235cb4b938de123e28e09b4
554343248fcd378a1aa9fbd6e095709cf614a012774f248a1bac450aa07fa4cb
GET /?api=1&lan=twthk&ht=2&counter0=aury1991 HTTP/1.1
Host: mxsites4k.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Nov 2022 03:44:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=l58ndm2nq2h2f1amcgvkt4si7a; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
mxsites4k.com/location
301 Moved Permanently 239 B IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9a8ce3fe494e2effd0fbba3ebed695c7
c76eb2c29cd79b96adcbff400a31116a1bcd3caa
819ad379aca07f77e9be09f71ac1a1fced0ad7710dde8cd5e436d14d6a58d62a
Analyzer Verdict Alert fortinet Malware
GET /location HTTP/1.1
Host: mxsites4k.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 05 Nov 2022 03:44:52 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 239
Connection: keep-alive
Location: https://mxsites4k.com/location/
mxsites4k.com/location/
200 OK 468 B IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 6f1497d5364a6cfda0e81dd10d409ebf
4db66111b55d4b33203ba3a888e12ba6163cdfdf
3cf8f3dd6ae89d4970edad8007c999d712327c53c1da0998db6f32c7ad99c4e2
Analyzer Verdict Alert fortinet Malware
GET /location/ HTTP/1.1
Host: mxsites4k.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Nov 2022 03:44:52 GMT
Content-Type: application/javascript
Content-Length: 468
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
widgets.amung.us/classic/00/3.png
200 OK 1.4 kB URL HTTP/2 widgets.amung.us/classic/00/3.png
IP
File type PNG image data, 81 x 29, 8-bit colormap, non-interlaced\012- data
Hash 41d4f6620e4a9aa9d0ab8e6e64f6806f
77a757081252263a6c8d45d5572ffd91d1d3ec6b
ec05bbdc9c3173963a0443eb265cc294f9e30737e17c85b662643765803e453c
GET /classic/00/3.png HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:52 GMT
content-type: image/png
content-length: 1386
last-modified: Sun, 13 Jun 2010 09:03:09 GMT
etag: "4c149ecd-56a"
expires: Sat, 15 Oct 2022 05:46:11 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1893521
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297e7efed992a-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9125
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 03:44:52 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9125
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 03:44:52 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9125
Expires: Sat, 05 Nov 2022 06:16:57 GMT
Date: Sat, 05 Nov 2022 03:44:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg
200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d12961439cd33c86c7b8041ed9d42321
ddb7b18fae0082ce22d8ffa537c7367e1da404a5
d2cc0f7735f04a07c681eb2eae7c52e9f4c75b6d475b3ad4de587899089850a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52bfe915-baee-403a-9240-12d17207ec94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4662
x-amzn-requestid: 32199e11-d856-4403-ad55-65076eac83ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: amd5UFJQIAMFf-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358dd08-1761126e37ed504e46896b4d;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:08:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Nu2uC3we8aHv4ERvh7QcmiErm4Ax-NNmdWFovpdU9Or9DguzrIcn5g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:00:38 GMT
age: 20654
etag: "ddb7b18fae0082ce22d8ffa537c7367e1da404a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff202f1f7-a6da-431c-9f04-b00a53780a8c.jpeg
200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff202f1f7-a6da-431c-9f04-b00a53780a8c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 683264508686ad18ae519baac54d3b05
1897c9fcad301764736ab867491beb18526af153
e8beb5d336ca424e36725ab87b98b4dedcf32a5b01c43b9c06363a7be25522fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff202f1f7-a6da-431c-9f04-b00a53780a8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5754
x-amzn-requestid: df2c5b88-0444-44b1-81ef-04e565d25b36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bAS--GiUoAMFTjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636331f9-0ec90f4d5f0c6fcf2d6e4a8b;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 03:14:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7CdkFTu--etXnoftDB8IYx3G6NIDBbKNiomZXVQQpr8et2Qh9yUGoQ==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 03:37:11 GMT
age: 461
etag: "1897c9fcad301764736ab867491beb18526af153"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe9d0595-2606-4462-8dd8-11c0a267de65.jpeg
200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe9d0595-2606-4462-8dd8-11c0a267de65.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash df11af332512d94d34a88a4671b2fbe1
0db58fda3dec787d0d979f8398d90b2b8d7e2c2f
7c561aed53b57db2039031c79453fc3f7cead944c60dd087487a9998c2df5a30
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe9d0595-2606-4462-8dd8-11c0a267de65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4413
x-amzn-requestid: b6f0aa99-437e-4e3d-b300-0a0ab1563c42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHm_HhVIAMFdUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365862c-3eacf2f4114f5ae22a140480;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tfZ_BvuASWOZmTXu843gBNpGSe4T0CUCaymoVUMzYFWaILLZX-vPmg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 22:07:33 GMT
age: 20239
etag: "0db58fda3dec787d0d979f8398d90b2b8d7e2c2f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 308da46611df43543d31ca502986bea2
0bf4de356c3a64785fe116161cb931b3b2476f5d
63996962e2763dcf2e0ae5e43aa12dfd8f8677082bb1cdf63528dfd00404f3e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f29b126-c6e5-4528-8307-e3c7fe12e225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7619
x-amzn-requestid: 67308248-e660-4294-aafe-5f178970f822
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHlcHHfIAMFyGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63658622-5b1ee875554a05eb1e8a6f16;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qn6QTO-5bR2vT6wtmHT2zVZX556_FUz6ImAWK3O8hc8xSJ9XmNM96w==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:48:46 GMT
age: 21366
etag: "0bf4de356c3a64785fe116161cb931b3b2476f5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a3b1551512640bb8f5e7deb80c32272
75805b9f03aef14cfad025259936ae5f217d25ca
5baa90853202e78cf9b59e9ab597e16ccfbf143d7e124583e64dc1ad1ee2c2df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28a5f5ce-bd81-4e56-bd1b-460e13379581.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7783
x-amzn-requestid: c8f73eac-612d-48e3-a655-41525e97331c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxM8H7aoAMFT3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2f1f-5470c77a30a11b9423f56837;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:11:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FLFsF-1gAeN0HiZnS03oNMNajnwk12P-5Aro-QOcQNFtkjknh9g5FA==
via: 1.1 0c04e836dfe22246a870a0f54a2d4746.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 19:19:17 GMT
age: 30335
etag: "75805b9f03aef14cfad025259936ae5f217d25ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bd006407a4ea0fbeec2f1351a71f30bc
d1625420cdc79643e759247b0e9ac89dadfbe956
fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A2gds6rdrlTJCrN3m05Yl3azoOYGCEaCd2OBH8qq21wHR8WgqI3CA==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 02:50:14 GMT
age: 3278
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
newssites4k.onepage.me/
200 OK 0 B IP
ASN #396982 GOOGLE-CLOUD-PLATFORM
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET / HTTP/1.1
Host: newssites4k.onepage.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 05 Nov 2022 03:44:50 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: Express
x-envoy-upstream-service-time: 52
x-envoy-decorator-operation: client-manager-service.default.svc.cluster.local:80/*
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
static.onepage.io/font-storage/fonts/manrope/manrope.css
200 OK 0 B URL HTTP/2 static.onepage.io/font-storage/fonts/manrope/manrope.css
IP
GET /font-storage/fonts/manrope/manrope.css HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1645
etag: W/"28c1e4cbc0191c338e23805d955c08fe"
last-modified: Wed, 04 May 2022 13:35:33 GMT
x-amz-id-2: Tb/BvtLGOyZltQ3XBmM5QzKeTLe/x1TxYi2Ruf/dKMhslGzOtn6lZWyk619AxAF0nX3pdogjJaA=
x-amz-request-id: K27FJ0QJEHQ7C0ZR
cache-control: max-age=16070400
cf-cache-status: HIT
age: 191177
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PnuuYv6LaW%2BP5%2BZnm%2FXl2E%2Fe8wGuqXH%2BtQrL14P0E%2BPEOTJrovWU0oratXaW0k1h9IG3Ykgn1xAWNIjRaB1psI%2Ft1HTQVTQX4NWowtQGPYRmH4hsmz9NyCMqADHmevSC014z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297de9facb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/b/client/1666176905872/modern/js/main.bundle.js
200 OK 0 B URL HTTP/2 static.onepage.io/b/client/1666176905872/modern/js/main.bundle.js
IP
GET /b/client/1666176905872/modern/js/main.bundle.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:50 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=437579
etag: W/"51528bdd762a09555241f3253bbe5ef9"
last-modified: Wed, 19 Oct 2022 11:00:22 GMT
x-amz-id-2: 7zVQ1YkOAyC8oBeeXPhzZuRD5OXMEU/sYJkH6E35ObWWyJSCyS4Xhvo1vUeK3VA+2n7gYrWS+fg=
x-amz-request-id: BQSB0XRJ2WKHGYE2
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1440301
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FA9Z0D%2BfiL2FrqAA1dipoHxMgsa%2Br8G60q0tXtOzuslRGfOZV0XawXLQRMoROzk5W8NCHeUN7PVF7vSNZnI7wqmbq0dRkbOf9YUVXewr7Aicr%2F5pc0cD0J5I8T0NGfNRk1S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297de9fadb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/react/experimental/react.production.min.js
200 OK 0 B URL HTTP/2 static.onepage.io/umd/react/experimental/react.production.min.js
IP
GET /umd/react/experimental/react.production.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: application/javascript
x-amz-id-2: FbDSSlVwReN2mkpbvLKmiYR5QoIcKqAnwv0oVeQvDVWqOOUUmBQgaUl/LRf+7eFzPdd2nE4ghnY=
x-amz-request-id: 5SJDMX8ZGK7N46RJ
last-modified: Mon, 21 Dec 2020 12:32:15 GMT
etag: W/"eba6573728f039c397bd316647d53a46"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1865833
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R6CDJWWUtYXEvbklRjAK8RL4OkHv5uNWQ1xn3JOaj%2FVZl%2F657IzIxe9stvn5%2ByI7Vl8Mh0rmUVVAh2OvqYUDXQBiSOyiI4HxNcsee%2Bh%2B%2Fk%2BWcHXxKWLrJeYb2MHZ9WApX173"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297decfc7b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Content-Type: application/json
Origin: https://newssites4k.onepage.me
Content-Length: 418
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-E87aI5LGDa32hG6NztVfHxPYapI"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://newssites4k.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrELLqNZRSj5cLrBjT6ubw314a66BBvMi98Ra8GCiBSifWMu3I9vIe8uQxi08f5T5VsXsjKcs6wKipDBWiRJw%2FhCDQu6lu2lJdQ6ZJXzOsGZs1ACnHnavUCkZtDrtZ7aBi%2Fu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765297e17cd3b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
whos.amung.us/widget/aury1991
307 Temporary Redirect 0 B URL HTTP/2 whos.amung.us/widget/aury1991
IP
GET /widget/aury1991 HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Sat, 05 Nov 2022 03:44:52 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/classic/00/3.png
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 765297e71fb5992a-ARN
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Content-Type: application/json
Origin: https://newssites4k.onepage.me
Content-Length: 414
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-U8W1uwR0qEvw5wkrBBGFCiXdIkA"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://newssites4k.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ys9HMGga38q9n%2F1dcjmYAqlMzn5ER2wxsyrgrmZ2e7oa5Q05fBWj9ga0HFtGXWT8%2FpaWmO8U9QAhxycWSHx6tWqS38KuFMds%2Bt59ONOqRtK%2Be%2BZaPUtXVAYqcjosN4ZwXIwM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765297e17cd5b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Content-Type: application/json
Origin: https://newssites4k.onepage.me
Content-Length: 414
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:52 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-glI757Ctu1oqDSb/iUINVnTwfDI"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://newssites4k.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hO%2F4k0veQyS%2Bpw5zQfEScqjv0J3Z4dkhYGazfZi5soV3NHmocIKeK%2FcpeP2gbqmoDCrvaHa%2FG4aYxU11LTiHZ8qyCnpJ3VTbs5jzpUtCukaWhr4vZPzz9yysvMhwo6pNv97d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765297e72f34b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/leaflet/1.3.1/leaflet.css
200 OK 0 B URL HTTP/2 static.onepage.io/umd/leaflet/1.3.1/leaflet.css
IP
GET /umd/leaflet/1.3.1/leaflet.css HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=10620
etag: W/"bc9d12159cd3502d4178b4d1557ccbcd"
last-modified: Thu, 20 Aug 2020 15:23:52 GMT
x-amz-id-2: WhjbCJqBHm2tb6rs4QMGfwVh5PvHFAP/vZTVDtswpPFGQIbppkePeG/+wzC9/wqooSEpO2nj2vA=
x-amz-request-id: 5SJF57XRPCPY33EK
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1865834
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkVhj2mGI%2Bs74hJpVcyrsIkEBJMguHkyoI2vdQ%2B7R7vqY5JnAJ6GrLbvQzBa5Lqs9uBSDMhtia9RAQBTxEZoiDJ67wjvCJ2XwpF5lcpq8TCm7wEI12cpU2QP67EczvL83A18"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297df5ff5b509-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.onepage.io/umd/lazysizes/5.2.0/lazysizes.min.js
200 OK 0 B URL HTTP/2 static.onepage.io/umd/lazysizes/5.2.0/lazysizes.min.js
IP
GET /umd/lazysizes/5.2.0/lazysizes.min.js HTTP/1.1
Host: static.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: application/javascript
x-amz-id-2: sEwM+N0b/ugSIFRTJ+s5oGa9s1lqfzFpHPtlzg51UL+5QTs4ZkRH4lFhWPEQk4szHH3JH6FfMLI=
x-amz-request-id: 5SJ2262CK0YPS13Y
last-modified: Thu, 20 Aug 2020 17:34:06 GMT
etag: W/"0812d0f17b90a4aefd97bb91085ad252"
cache-control: max-age=16070400
cf-cache-status: HIT
age: 1865834
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hZS%2BrVXlNddqjpnZ%2Bx5sNx7Dbbk5l0z9PHBXsgjysmYWoaFlPwdR%2Br7%2Fpc4pQJxjip6SiyYSj8JLgdj%2FPvTu8MjAinH5bt%2BTZYp25J81cFlf2R6oi4iwkkiM3PIWg5b17PxW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 765297dfa80ab509-OSL
content-encoding: br
X-Firefox-Spdy: h2
app.onepage.io/favicon_144x144.png
200 OK 0 B URL HTTP/2 app.onepage.io/favicon_144x144.png
IP
GET /favicon_144x144.png HTTP/1.1
Host: app.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://newssites4k.onepage.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:51 GMT
content-type: text/plain
last-modified: Wed, 19 Oct 2022 11:04:10 GMT
etag: W/"634fd9aa-7f0"
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mY2heBWoUY%2B5CzOdFmRk3pKzLWwHVJTJBGDFaPunqX9QA7vYDnKVITNDd1cQSwr05jxJYp9QcdvsNfDQ%2BaAC7DTYpKBqcehdLmG9V3YZFkRhP3RXCYuwg%2BsnuEGvki25"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765297e2791cb509-OSL
content-encoding: br
X-Firefox-Spdy: h2
api-eu.onepage.io/api/v1/stats-service?_collect.event
200 OK 0 B URL HTTP/2 api-eu.onepage.io/api/v1/stats-service?_collect.event
IP
POST /api/v1/stats-service?_collect.event HTTP/1.1
Host: api-eu.onepage.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://newssites4k.onepage.me/
Content-Type: application/json
Origin: https://newssites4k.onepage.me
Content-Length: 418
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 03:44:52 GMT
content-type: application/json; charset=utf-8
x-powered-by: Express
etag: W/"4b-uVYOL/mZX+ForblwEXUkjuzwvjk"
x-envoy-upstream-service-time: 4
access-control-allow-origin: https://newssites4k.onepage.me
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Accept, Authorization, Content-Type, Origin, User-Agent, X-REQUEST-ID, X-USER
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24A8BgALkXN3t7GgDaymfjt8CREEETEzz3EEDBfsBRP76b%2FS5DXbqrGFYCn8w95Tjh8KTmcOL6NubJHWCrXKf%2BcviiYyUdm86Mx7k7rlugXdne2Ie214ER47xxaCKARtvb6v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765297e72f32b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
34.89.236.29
23.36.76.226
34.160.144.191
142.93.150.145
104.22.75.171
93.184.220.29