urlquery - report: news-webuzi.cc/lands/15/?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4=

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	Sent bytes	Received bytes	IP
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-29T05:09:31Z	413	5894	34.160.144.191
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-29T05:09:12Z	3246	43021	34.120.237.76
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-29T05:09:31Z	333	391	34.117.237.239
topwebsites.me (3)	0	2022-10-24T23:01:52Z	2023-03-22T17:48:21Z	1427	972	185.177.94.152
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-29T05:09:32Z	606	127	52.26.115.190
0.topwebsites.me (2)	0	2022-10-24T23:01:51Z	2023-03-22T00:26:59Z	1042	552	185.177.94.152
di4.biz (2)	0	2017-01-20T20:13:06Z	2023-03-27T08:57:52Z	1120	1114	185.177.94.108
news-webuzi.cc (3)	0	2023-03-22T14:50:01Z	2023-03-24T00:26:17Z	1282	14334	149.7.16.11
r3.o.lencr.org (9)	344	2020-12-02T09:52:13Z	2023-03-29T05:09:11Z	3042	7976	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-29T05:09:03Z	782	2372	35.241.9.150
broworkers5s.com (2)	0	2023-03-20T22:01:37Z	2023-03-26T07:32:41Z	822	21861	51.15.16.150

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-23 07:30:37 UTC	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-03-23 07:30:37 UTC	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-03-23 07:30:39 UTC	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD
2023-03-23 07:30:39 UTC	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .biz TLD

Scan Date	Severity	Indicator	Comment
2023-03-23	medium	broworkers5s.com	Sinkholed
2023-03-23	medium	broworkers5s.com	Sinkholed

Date	UQ / IDS / BL	URL	IP
2023-04-01 19:25:53 UTC	0 - 11 - 14	news-butibo.com/lands/38/?site=8062875&sub1=& (...)	172.99.190.204
2023-04-01 12:28:47 UTC	0 - 4 - 0	news-xufiyu.cc/lands/38/?site=8059563&sub1=&s (...)	172.99.190.204
2023-03-29 22:38:25 UTC	0 - 6 - 2	news-fumayu.cc/lands/53/?site=8021587&sub1=mi (...)	172.99.190.204
2023-03-28 09:44:03 UTC	0 - 2 - 0	2.news-xopowe.cc/lands/38/?site=1002506&sub1& (...)	172.99.190.204
2023-03-26 06:58:34 UTC	0 - 4 - 19	news-cahico.cc/lands/53/?site=8051702&sub1=&s (...)	172.99.190.204

Date	UQ / IDS / BL	URL	IP
2023-06-09 20:25:15 UTC	0 - 6 - 0	news-refexa.com/tds.php?sid=8060051&p1=&domai (...)	149.7.16.92
2023-06-09 20:06:48 UTC	0 - 4 - 0	news-vodapu.cc/lands/53/	149.7.16.236
2023-06-09 16:43:43 UTC	0 - 46 - 1	news-lulifo.cc/tds.php	149.7.16.236
2023-06-09 07:31:07 UTC	0 - 6 - 0	news-refexa.com/lands/38/?site=8060051&sub1=& (...)	149.7.16.92
2023-06-08 14:13:15 UTC	0 - 4 - 0	news-genufe.cc/	149.7.16.236

Date	UQ / IDS / BL	URL	IP
2023-03-23 07:30:41 UTC	0 - 4 - 2	news-webuzi.cc/lands/15/?site=8062358&sub1=3v (...)	172.99.190.204
2023-03-22 23:35:27 UTC	0 - 2 - 1	news-webuzi.cc/	193.108.117.220
2023-03-22 21:53:55 UTC	0 - 2 - 1	news-webuzi.cc/lands/38/	193.108.117.220

Date	UQ / IDS / BL	URL	IP
2023-06-09 21:37:39 UTC	0 - 4 - 0	asirius.su/wp-content/plugins/super-forms/upl (...)	5.23.50.26
2023-06-09 21:37:34 UTC	0 - 4 - 0	asirius.su/wp-content/plugins/super-forms/upl (...)	5.23.50.26
2023-06-09 21:06:38 UTC	0 - 0 - 2	dhpu.org/	217.116.232.222
2023-06-09 21:06:28 UTC	0 - 0 - 2	renovatoluxe.com/New/Auth/sf_rand_string_lowe (...)	198.187.31.120
2023-06-09 20:52:30 UTC	0 - 0 - 0	nxdbku.cyttek.ru	172.67.181.246

JavaScript

Executed Scripts (4)

Executed Evals (2)

#1 JavaScript::Eval (size: 7889) - SHA256: 28588d3997029fe1608025aae1bfbe15f8398b049e25c47c8c704aa0ff2deeec

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc & p = b & sub1 = & sub2 = & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //0.topwebsites.me/index.php?p=gm3tcnbxha5dcmzvhe4q')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://0.topwebsites.me/index.php?p=gm3tcnbxha5dcmzvhe4q'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=68c65d86-02c7-4dc1-9010-96ae8862a1bc&d=gm3tcnbxha5dcmzvhe4q&land=12',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/b91798fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

#2 JavaScript::Eval (size: 8035) - SHA256: 2c835fdb0c24869a4d4637390ebd3a7626ed7af9cf73764e3a79b8af58209698

'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... 70?@0H8205B @07@5H5=85 =0:',
            permission: '>:07 C254><;5=89',
            allow: ' 07@5H8BL',
            disallow: ';>:8@>20BL'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin ph�p:',
            permission: 'Hi�n th� th�ng b�o',
            allow: 'Cho ph�p',
            disallow: 'Kh�i'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Poka| powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permiss�o para:',
            permission: 'Mostrar notifica��es',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Erm�glichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAMAAAAM7l6QAAAAS1BMVEUAAABaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo8++Y/AAAAGHRSTlMAC/Tp5NHux7woBr8u1CEiE8wfMh3aqKRGKXN5AAAAxklEQVQoz22SWxaDIAxEo6JQLIpWW/a/0kYE5xCYDx+53BwkEse4herMbqVIQ1AVtzNXD76bwBlWQfVVVfvlRv4qsE5VOvkKH+4d8mN6mh6/23LpzS/ggvZMJa+XW43loNisfdp5Kl3hq0TlQc0BwWdKDlfGgKqD6vwy3Tpq5Jvx6FvzFRurKfjSpvCb9HzOZ2/QydNW9zf1SOCD3gN14NJNA0d/K2jhH8IV/kQ60Q8o/J46DRfxLv8xVsMt/EgvPkQqfcUd/7Y7JTdYkYd+AAAAAElFTkSuQmCC" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc & p = b & sub1 = & sub2 = & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=68c65d86-02c7-4dc1-9010-96ae8862a1bc&d=gm3tcnbxha5dcmzvhe4q&land=12',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/b91798fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

Executed Writes (0)

HTTP Transactions (32)

Request	Response
GET /lands/15/?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4= HTTP/1.1 Host: news-webuzi.cc User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	149.7.16.11 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: nginx Date: Thu, 23 Mar 2023 07:30:30 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-cache, must-revalidate Pragma: no-cache Set-Cookie: clickdata=ODA2MjM1OHw6fDE1fDp8M3Y3Ymo0b3I4MHR8Onx8Onx8Onw%3D; expires=Thu, 23-Mar-2023 08:30:30 GMT; Max-Age=3600; path=/ Content-Encoding: gzip --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5179) Size: 3445 Md5: 13eaef777246de0eacd72f8dc8801eff Sha1: 4ae42d6fe05abb8045c9313ae4f877b7e4e47207 Sha256: f32b6cca66a08c89587a686be1e309dda68318e3c2f6ecec88668297a19a23f8
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9" Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8283 Expires: Thu, 23 Mar 2023 09:48:33 GMT Date: Thu, 23 Mar 2023 07:30:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: bea3185dd820a31c1981317f37c3456d Sha1: 1a548a5d27270fc11df9011837a7149571cedd78 Sha256: 469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171" Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3628 Expires: Thu, 23 Mar 2023 08:30:58 GMT Date: Thu, 23 Mar 2023 07:30:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 65fc860bc043f3fb83bdc3debdcd322d Sha1: 418010755deae099ef1284e402813c5837a10f42 Sha256: d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Thu, 23 Mar 2023 07:15:05 GMT age: 925 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 84db75194692d4afe13196bda6f22da8 Sha1: 4c1f49bc973a4917f146d93c8d598344edc021f6 Sha256: a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF" Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3163 Expires: Thu, 23 Mar 2023 08:23:13 GMT Date: Thu, 23 Mar 2023 07:30:30 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 51a5d4696a6090c295850554508b51ce Sha1: c44e143c2223546e64b19f543b8101aaf3b11e97 Sha256: 8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: fT7YQD7CyjutebKcE3sJ3R0e8TOKpPbcdRddVpuk2bFkRzdVIwtliTCryNPEknZYQSuWsPXIIokEwyoPR++LKw== x-amz-request-id: 70TRNNMAPN5PV6KX x-amz-server-side-encryption: AES256 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Thu, 23 Mar 2023 06:59:50 GMT age: 1840 last-modified: Sat, 11 Mar 2023 16:53:15 GMT etag: "e7bace7c1e04d44012e37ddffe36e5d5" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: e7bace7c1e04d44012e37ddffe36e5d5 Sha1: 3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2 Sha256: 6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /revopush.js?v=4 HTTP/1.1 Host: news-webuzi.cc User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://news-webuzi.cc/lands/15/?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4= Cookie: clickdata=ODA2MjM1OHw6fDE1fDp8M3Y3Ymo0b3I4MHR8Onx8Onx8Onw%3D	149.7.16.11 HTTP/1.1 200 OK Content-Type: application/javascript Server: nginx Date: Thu, 23 Mar 2023 07:30:30 GMT Content-Length: 9954 Last-Modified: Thu, 15 Dec 2022 09:31:14 GMT Connection: keep-alive ETag: "639ae962-26e2" Accept-Ranges: bytes --- Additional Info --- Magic: ASCII text, with very long lines (9954), with no line terminators Size: 9954 Md5: fc284a0e5d580856ae4863715ad6733e Sha1: eb69f303c80ff8e44abc9601b8616c0cf92faafa Sha256: 2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Thu, 23 Mar 2023 07:30:30 GMT content-length: 12 vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-expose-headers: content-type access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /traffback-reject.php?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4=&land=15 HTTP/1.1 Host: news-webuzi.cc User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://news-webuzi.cc/lands/15/?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4= Connection: keep-alive Cookie: clickdata=ODA2MjM1OHw6fDE1fDp8M3Y3Ymo0b3I4MHR8Onx8Onx8Onw%3D	149.7.16.11 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: nginx Date: Thu, 23 Mar 2023 07:30:30 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip --- Additional Info --- Magic: ASCII text, with no line terminators Size: 66 Md5: 8bcf28cea7f74135d7c5d7b17bb88523 Sha1: 88a52ba67b740aa8a6752c4eec796e4250049b46 Sha256: 3126dd6fba0d74e18e40b7f8a288d82ad4d9357f39c5de84ce1ae55e440d2e14
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	35.241.9.150 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Thu, 23 Mar 2023 07:14:33 GMT age: 958 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "F250D2DE80D0B38903A9806C32B17734490AA1840AA487DEBB4909AC5395744D" Last-Modified: Tue, 21 Mar 2023 23:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6328 Expires: Thu, 23 Mar 2023 09:15:59 GMT Date: Thu, 23 Mar 2023 07:30:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a383b6fc80f043818e79205c7e3762b0 Sha1: 2e0706f42b1a4a2a7160f73fc3ca2ea676c33844 Sha256: f250d2de80d0b38903a9806c32b17734490aa1840aa487debb4909ac5395744d
GET /b91798fd2.js HTTP/1.1 Host: topwebsites.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	185.177.94.152 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT content-length: 57 last-modified: Tue, 21 Mar 2023 13:21:09 GMT etag: "6419af45-39" access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 57 Md5: 2ab15ce9eba763e4e5c02884481aa476 Sha1: f99d034e5b8ccd9d0aae29806a616864ac1b71d5 Sha256: f575f7647553892afb266edd37316f6bd987c77447a4d9b4197f60d88ea0a3bd
GET /favicon.ico HTTP/1.1 Host: topwebsites.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://topwebsites.me/go/gm3tcnbxha5dcmzvhe4q Cookie: uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	185.177.94.152 HTTP/2 204 No Content server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF" Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2699 Expires: Thu, 23 Mar 2023 08:15:30 GMT Date: Thu, 23 Mar 2023 07:30:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 050ca4dc2182e0a27573b0d9f32b7834 Sha1: bec14dc5af0d0b32210470673511acd8db404308 Sha256: b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "DC5A37C1562A717A1DFD6C685E5727CBB0727E96F10F4C2F80779A1F3EF8E285" Last-Modified: Mon, 20 Mar 2023 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=21012 Expires: Thu, 23 Mar 2023 13:20:43 GMT Date: Thu, 23 Mar 2023 07:30:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: ed56ccc5bca903341b578ccf43cefd78 Sha1: 6f9a683de19ca8007c8fe4d3ff3e42955e3b7dfe Sha256: dc5a37c1562a717a1dfd6c685e5727cbb0727e96f10f4c2f80779a1f3ef8e285
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: bU3hjWRlbuHM4G0jEl95Aw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	52.26.115.190 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: 84/nXwlf1deJQbX2Ad6QbnwcImY= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b91798fd2.js HTTP/1.1 Host: 0.topwebsites.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Cookie: uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc; uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers	185.177.94.152 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT content-length: 57 last-modified: Tue, 21 Mar 2023 13:21:09 GMT etag: "6419af45-39" access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with no line terminators Size: 57 Md5: 2ab15ce9eba763e4e5c02884481aa476 Sha1: f99d034e5b8ccd9d0aae29806a616864ac1b71d5 Sha256: f575f7647553892afb266edd37316f6bd987c77447a4d9b4197f60d88ea0a3bd
GET /favicon.ico HTTP/1.1 Host: 0.topwebsites.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.topwebsites.me/index.php?p=gm3tcnbxha5dcmzvhe4q Cookie: uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc; uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	185.177.94.152 HTTP/2 204 No Content server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "60E44B7D23E32A90D151B918B52A94FB39BC0E0E738548B1F23A9021E5BA1039" Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=18018 Expires: Thu, 23 Mar 2023 12:30:49 GMT Date: Thu, 23 Mar 2023 07:30:31 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: d3a1f057372687104c675e6085b70729 Sha1: dbf1da874e9f57ec16c115de48f3bf9b0d571d2c Sha256: 60e44b7d23e32a90d151b918b52a94fb39bc0e0e738548b1f23a9021e5ba1039
GET /favicon.ico HTTP/1.1 Host: di4.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://di4.biz/?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0 Cookie: uuid=55c56034-0227-4996-91ff-6f9fc3ae21eb Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin TE: trailers	185.177.94.108 HTTP/2 204 No Content server: nginx date: Thu, 23 Mar 2023 07:30:32 GMT strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA" Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3830 Expires: Thu, 23 Mar 2023 08:34:22 GMT Date: Thu, 23 Mar 2023 07:30:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a0d3d7099bbc5fed74a6e78e1a3096bf Sha1: 96afaf8b3ac053577c56aca5f4a20d8655ecb771 Sha256: c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
GET /sw/bro.js HTTP/1.1 Host: broworkers5s.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.topwebsites.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers	51.15.16.150 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT access-control-allow-origin: * expires: Fri, 22 Mar 2024 07:30:31 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 1886 Md5: 6ed1f7288d5946c72e52947d1d335f64 Sha1: 2191082b15ab84f2f47e8687c6f5e7b82ba95b8b Sha256: dcac26ff5b1117fdf9089ce0d45a8bbec008d0e36cb69d8dd31400cda0c806c4 Blocklists: - quad9: Sinkholed
GET /?auf=gaywinlche5demzrg4xtcmzvhe4s6mjsf42ggntggzstsmbpgi2c6mjwg44tknjwgyztc&p=b&sub1=&sub2=&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1 Host: di4.biz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://0.topwebsites.me/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	185.177.94.108 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT access-control-allow-origin: * set-cookie: uuid=55c56034-0227-4996-91ff-6f9fc3ae21eb; expires=Sat, 22-Apr-2023 07:30:31 GMT; Max-Age=2592000; path=/ strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 503 Md5: a0d3d7099bbc5fed74a6e78e1a3096bf Sha1: 96afaf8b3ac053577c56aca5f4a20d8655ecb771 Sha256: c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA" Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3830 Expires: Thu, 23 Mar 2023 08:34:22 GMT Date: Thu, 23 Mar 2023 07:30:32 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: a0d3d7099bbc5fed74a6e78e1a3096bf Sha1: 96afaf8b3ac053577c56aca5f4a20d8655ecb771 Sha256: c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
GET /sw/bro.js HTTP/1.1 Host: broworkers5s.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://topwebsites.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache	51.15.16.150 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT access-control-allow-origin: * expires: Fri, 22 Mar 2024 07:30:31 GMT cache-control: max-age=31536000 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 19247 Md5: 379c2b6d614128624f9aa52f469365ed Sha1: d8dc6fb7939720df2b35090ff3119a642b7bdb12 Sha256: 23369f3eb62a4e87c3ed9ebeea39fe67d7de8ab077e38803ad306bb813ead1fc Blocklists: - quad9: Sinkholed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4912 x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CM8H3Fl1IAMFYgA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT x-amz-cf-pop: HIO50-C1, SEA19-C1 x-cache: Miss from cloudfront x-amz-cf-id: 4xGMCVWy2EXLLN8keteGLQvQjOp6KH97rkn_FK10eyng0-5EudcOig== via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 21:43:33 GMT etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e" age: 35219 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4912 Md5: f4a771935927950222124e14b56046df Sha1: d07fe53e4ac41048497b2732c017f6666c3eda9e Sha256: 4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4000 x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CJpraEqyoAMFgNQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0 x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA== via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google date: Thu, 23 Mar 2023 02:49:25 GMT age: 16867 etag: "b798268806dc2f79f033e5872676019faf0e0cc1" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4000 Md5: 85351059b67b0a42eda7e69a31b3b4b4 Sha1: b798268806dc2f79f033e5872676019faf0e0cc1 Sha256: 86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4905 x-amzn-requestid: bdcd62f9-d742-48af-9aa0-b13afc1846ac x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CM9EnFLIoAMF5cg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641b7550-63fc3df77b023fca782a53ea;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 21:38:24 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: we0zl0U_rfWuSW8_WX8vqLOYOCoeGP-4UUNb0r3f0mEICnLXASqC5A== via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 google date: Thu, 23 Mar 2023 03:39:03 GMT age: 13889 etag: "4f25bdbffca3803b02c196c38491223684d36b4d" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4905 Md5: 90f64fe111aa6e90ebf52e0335d21b75 Sha1: 4f25bdbffca3803b02c196c38491223684d36b4d Sha256: 37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F26aea22c-e627-45d1-bce6-55eaa4acfd06.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10816 x-amzn-requestid: 60a537d2-1b8a-4ae2-967c-a7e57c818cc6 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: B9xY0EHqoAMFrrQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6415629e-1be08f9f3a13492717fdaa48;Sampled=0 x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:02 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: vDHHtzyodFMqzVuaPCmaEfKrHTLjTL8d25c9PJjPXAdyN-SYJC1NGA== via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 22:58:21 GMT age: 30731 etag: "ee683e481a4501d2ab8ca63d1426d6fab6f2b064" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10816 Md5: f3aa18378fc5715083fb26bd0d62f382 Sha1: ee683e481a4501d2ab8ca63d1426d6fab6f2b064 Sha256: 8aade71c4b55f6a9daab28a05a90bcc3c6c01b700aa48d2f8ccdb1992fa5ee81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6692 x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CM9d9FcOoAMFaFQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT x-amz-cf-pop: SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: PNAVsyfdAHjn5F6Rt1uz1U46QCIGvTCqZatbAurr6Ilu0quHWExuSw== via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 21:43:34 GMT age: 35218 etag: "156ef59e53564a4f2b27002b2695fafecd578d82" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6692 Md5: c05bfdf1411a931d8ea9adc64b07bc74 Sha1: 156ef59e53564a4f2b27002b2695fafecd578d82 Sha256: 15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32536e34-d62f-40f1-b196-c4bbe784cca6.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 5356 x-amzn-requestid: a49dca74-54fa-457c-a5b6-e347fd139d1d x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: CM8ovEgAIAMFcnA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-641b749e-673461e13b7d2f4e7ad66e7f;Sampled=0 x-amzn-remapped-date: Wed, 22 Mar 2023 21:35:26 GMT x-amz-cf-pop: HIO52-P1, SEA19-C1 x-cache: Hit from cloudfront x-amz-cf-id: uuIP_yp-XnJjUMLZ5qCkwZhqhbAViZrp2J3GJEfFHr54ouK7s6gjlA== via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google date: Wed, 22 Mar 2023 21:43:35 GMT age: 35217 etag: "b312f7c6526254709a0f7424502952e9eaff9c78" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 5356 Md5: f148d2e3cd5679fe5cb9cd58630517c7 Sha1: b312f7c6526254709a0f7424502952e9eaff9c78 Sha256: 6e98a90935a53caa8871238088e77269e5d7215d16dccabe7e9e4af09f39f7b0
GET /go/gm3tcnbxha5dcmzvhe4q HTTP/1.1 Host: topwebsites.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://news-webuzi.cc/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site	185.177.94.152 HTTP/2 200 OK content-type: text/html; charset=UTF-8 server: nginx date: Thu, 23 Mar 2023 07:30:31 GMT access-control-allow-origin: * set-cookie: uuid=68c65d86-02c7-4dc1-9010-96ae8862a1bc; expires=Sat, 22-Apr-2023 07:30:31 GMT; Max-Age=2592000; path=/; domain=topwebsites.me strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: Sha1: Sha256:

URL	news-webuzi.cc/lands/15/?site=8062358&sub1=3v7bj4or80t&sub2=&sub3=&sub4=
IP	172.99.190.204 (United Kingdom)
ASN	#63023 AS-GLOBALTELEHOST
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Access	public
Report completed	2023-03-23 07:30:41 UTC
Status	Loading report..
IDS alerts	4
Blocklist alert	2
urlquery alerts	No alerts detected
Tags	None

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.99.190.204

Last 5 reports on ASN: AS-GLOBALTELEHOST

Last 3 reports on domain: news-webuzi.cc

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (4)

Executed Evals (2)

#1 JavaScript::Eval (size: 7889) - SHA256: 28588d3997029fe1608025aae1bfbe15f8398b049e25c47c8c704aa0ff2deeec

#2 JavaScript::Eval (size: 8035) - SHA256: 2c835fdb0c24869a4d4637390ebd3a7626ed7af9cf73764e3a79b8af58209698

Executed Writes (0)

HTTP Transactions (32)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.99.190.204

Last 5 reports on ASN: AS-GLOBALTELEHOST

Last 3 reports on domain: news-webuzi.cc

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (4)

Executed Evals (2)

#1 JavaScript::Eval (size: 7889) - SHA256: 28588d3997029fe1608025aae1bfbe15f8398b049e25c47c8c704aa0ff2deeec

#2 JavaScript::Eval (size: 8035) - SHA256: 2c835fdb0c24869a4d4637390ebd3a7626ed7af9cf73764e3a79b8af58209698

Executed Writes (0)

HTTP Transactions (32)

Network Intrusion Detection Systems