news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
193.108.118.106200 OK 7.1 kB URL HTTP/1.1 news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2071)
Hash dfaeafb4056199acf160044d91971f52
38d04eab1a42058e9709c6776f754bdf311f692a
d30a5c5fb2f3d38ce8cd5ced30ef3cc54d172e386a2c825c570b3ca4e1a1eac5
GET /lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4= HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D; expires=Sun, 26-Mar-2023 07:58:22 GMT; Max-Age=3600; path=/
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5664
Expires: Sun, 26 Mar 2023 08:32:47 GMT
Date: Sun, 26 Mar 2023 06:58:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18355
Expires: Sun, 26 Mar 2023 12:04:18 GMT
Date: Sun, 26 Mar 2023 06:58:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 26 Mar 2023 06:27:50 GMT
content-type: application/json
age: 1833
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12833
Expires: Sun, 26 Mar 2023 10:32:16 GMT
Date: Sun, 26 Mar 2023 06:58:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: g93vgir5CCGlT83KEpY3ypULCMoN6yVv52PkWWrbhiFr5vsaggsGa0ugqPGnh898MGolnPF2HT8=
x-amz-request-id: PGZF5TXZMQ39VBQS
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 26 Mar 2023 06:55:13 GMT
age: 190
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
news-cahico.cc/revopush.js?v=4
193.108.118.106200 OK 10 kB URL HTTP/1.1 news-cahico.cc/revopush.js?v=4
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 9954
Last-Modified: Thu, 15 Dec 2022 09:31:10 GMT
Connection: keep-alive
ETag: "639ae95e-26e2"
Accept-Ranges: bytes
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
news-cahico.cc/lands/53/css/style.css
193.108.118.106200 OK 6.8 kB URL HTTP/1.1 news-cahico.cc/lands/53/css/style.css
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: text/css
Content-Length: 6750
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1a5e"
Accept-Ranges: bytes
news-cahico.cc/lands/53/js/device.js
193.108.118.106200 OK 7.4 kB URL HTTP/1.1 news-cahico.cc/lands/53/js/device.js
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: application/javascript
Content-Length: 7364
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1cc4"
Accept-Ranges: bytes
news-cahico.cc/lands/53/images/spinning-circles2.svg
193.108.118.106200 OK 503 B URL HTTP/1.1 news-cahico.cc/lands/53/images/spinning-circles2.svg
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: image/svg+xml
Content-Length: 503
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-1f7"
Accept-Ranges: bytes
news-cahico.cc/traffback-reject.php?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=&land=53
193.108.118.106200 OK 48 B URL HTTP/1.1 news-cahico.cc/traffback-reject.php?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=&land=53
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with no line terminators
Hash 7488b90c17668da8f105f104b966a847
fd5d7f33f644678fe9fe95102be5cadbf8490df7
e4edf1c8bb668be955bd8fdf7298c2e3ffbc5e4a7e7cf6243b641fb1081ca5a6
GET /traffback-reject.php?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=&land=53 HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
news-cahico.cc/lands/53/images/video.gif
193.108.118.106200 OK 500 kB URL HTTP/1.1 news-cahico.cc/lands/53/images/video.gif
IP 193.108.118.106:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: news-cahico.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://news-cahico.cc/lands/53/?site=8051702&sub1=&sub2=1nmpuo0t03qqp&sub3=&sub4=
Cookie: clickdata=ODA1MTcwMnw6fDUzfDp8fDp8MW5tcHVvMHQwM3FxcHw6fHw6fA%3D%3D
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Mar 2023 06:58:23 GMT
Content-Type: image/gif
Content-Length: 500082
Last-Modified: Fri, 20 Aug 2021 13:24:46 GMT
Connection: keep-alive
ETag: "611fad1e-7a172"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 26 Mar 2023 06:14:35 GMT
age: 2628
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16604
Expires: Sun, 26 Mar 2023 11:35:08 GMT
Date: Sun, 26 Mar 2023 06:58:24 GMT
Connection: keep-alive
zerossl.ocsp.sectigo.com/
172.64.155.188200 OK 315 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash e21b89eb81d19fb916a3e7df30fcef54
4144d101f8b19d3632563b534af47fecc6475589
76ec97a220d852973fab0fa07ae8c37e1c05ea3d894a96d7c46cd12d47ba485d
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 26 Mar 2023 06:58:24 GMT
Content-Type: application/ocsp-response
Content-Length: 315
Connection: keep-alive
Last-Modified: Fri, 24 Mar 2023 22:27:41 GMT
Expires: Fri, 31 Mar 2023 22:27:40 GMT
Etag: "4144d101f8b19d3632563b534af47fecc6475589"
Cache-Control: max-age=487155,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7add81432fa9b50b-OSL
news-nasozu.com/revopush.js?v=4
193.108.118.196200 OK 10 kB URL HTTP/2 news-nasozu.com/revopush.js?v=4
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
Analyzer Verdict Alert fortinet Phishing
GET /revopush.js?v=4 HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:10 GMT
etag: "639ae95e-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/lands/53/css/style.css
193.108.118.196200 OK 6.8 kB URL HTTP/2 news-nasozu.com/lands/53/css/style.css
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/lands/53/images/spinning-circles2.svg
193.108.118.196200 OK 503 B URL HTTP/2 news-nasozu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.208.13.28101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.13.28:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +gN1Kg6q7YoJg1z/eFbGBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RanHkZFCn9tgKrphwd2dgzGOLRE=
news-nasozu.com/lands/53/js/device.js
193.108.118.196200 OK 7.4 kB URL HTTP/2 news-nasozu.com/lands/53/js/device.js
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/lands/53/images/video.gif
193.108.118.196200 OK 500 kB URL HTTP/2 news-nasozu.com/lands/53/images/video.gif
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/sw.js
193.108.118.196200 OK 4.3 kB IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 15:11:00 GMT
etag: "63f8d384-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/favicon.ico
193.108.118.196200 OK 1.2 kB URL HTTP/2 news-nasozu.com/favicon.ico
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.2.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://news-nasozu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 26 Mar 2023 06:58:24 GMT
age: 5863837
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
1.news-nasozu.com/revopush.js?v=4
193.108.118.54200 OK 10 kB URL HTTP/2 1.news-nasozu.com/revopush.js?v=4
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:17 GMT
etag: "639ae965-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-nasozu.com/lands/53/css/style.css
193.108.118.54200 OK 6.8 kB URL HTTP/2 1.news-nasozu.com/lands/53/css/style.css
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-nasozu.com/lands/53/images/spinning-circles2.svg
193.108.118.54200 OK 503 B URL HTTP/2 1.news-nasozu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-nasozu.com/lands/53/js/device.js
193.108.118.54200 OK 7.4 kB URL HTTP/2 1.news-nasozu.com/lands/53/js/device.js
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
1.news-nasozu.com/sw.js
193.108.118.54200 OK 4.3 kB IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:44 GMT
etag: "63f8e0d0-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
news-nasozu.com/tds.php?sid=8060072&p1=news-cahico.cc&domain=news-nasozu.com&p2=s8hnpa10430fu&p3=
193.108.118.196302 Found 514 kB URL HTTP/2 news-nasozu.com/tds.php?sid=8060072&p1=news-cahico.cc&domain=news-nasozu.com&p2=s8hnpa10430fu&p3=
IP 193.108.118.196:0
ASN #61003 GlobalTeleHost Corp.
File type gzip compressed data, from Unix\012- data
Size 514 kB (514466 bytes)
Hash 71de769bb58379b4eb3932587b6f02d0
48a305d7f87b0340089ef61d70c262776f2749af
fb88720628e5362495f83ae011a2da5a1a00fd9e732bcb4dd30faae98d4e069e
GET /tds.php?sid=8060072&p1=news-cahico.cc&domain=news-nasozu.com&p2=s8hnpa10430fu&p3= HTTP/1.1
Host: news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://news-cahico.cc/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 26 Mar 2023 06:58:24 GMT
content-type: text/html; charset=UTF-8
location: https://news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
cache-control: no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.2.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 26 Mar 2023 06:58:25 GMT
age: 5863838
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
1.news-nasozu.com/favicon.ico
193.108.118.54200 OK 1.2 kB URL HTTP/2 1.news-nasozu.com/favicon.ico
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5179
Expires: Sun, 26 Mar 2023 08:24:44 GMT
Date: Sun, 26 Mar 2023 06:58:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5179
Expires: Sun, 26 Mar 2023 08:24:44 GMT
Date: Sun, 26 Mar 2023 06:58:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5179
Expires: Sun, 26 Mar 2023 08:24:44 GMT
Date: Sun, 26 Mar 2023 06:58:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5179
Expires: Sun, 26 Mar 2023 08:24:44 GMT
Date: Sun, 26 Mar 2023 06:58:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5179
Expires: Sun, 26 Mar 2023 08:24:44 GMT
Date: Sun, 26 Mar 2023 06:58:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg
34.120.237.76200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ec08d4bd079a92161fc80f41281b5a9
bf61369962342cce85de8f48942b4b150fd2721e
8a8ed12c31d89d71c3cb88f0813ded83939529206461e917dcb0b8bc11abdda4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3589
x-amzn-requestid: 9c09af43-79e8-4734-b28b-4194e0bb1e4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uyE2joAMF50g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6991-7607d33f6301182b591c56e8;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pjRA439kqSg5daR_Zuvsf2l45R4oqv3AMWNiMCGQ_C5o2KA8kEd3TQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:21 GMT
etag: "bf61369962342cce85de8f48942b4b150fd2721e"
content-type: image/jpeg
age: 33664
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8a2437b3c9ab01cd0e2327d4be5c61a
33573e5a6b6c1912702040c6d880c362baf0c3db
2556646c122f89bfce8467d13bf05e68f735373c8c18a33f7258f37f602673cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5a195fab-643a-48cc-8f4e-51e27511b474.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5424
x-amzn-requestid: b03169ca-0cc0-49f5-b785-5e29d70048cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kWGCnIAMFf7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-679415d416cf3b666ec128be;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: cMFdcKw6RZYIg35YKKDuetMlSGtT-g4Kc2L-BHA5s0877l_Gg-PqUw==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:07 GMT
etag: "33573e5a6b6c1912702040c6d880c362baf0c3db"
content-type: image/jpeg
age: 33678
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c1b9b23-a69e-4b1e-84d5-d7f840d9e026.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c1b9b23-a69e-4b1e-84d5-d7f840d9e026.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 213ded5820ff11a18bf9c374d5ea86ca
c3b4003e8f2b394ed8ad5e2d33fb04d6458a64c2
d9bbe5babe57b151d133b65eed68acc69ca294df77b22f04857a15a67dd50efa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c1b9b23-a69e-4b1e-84d5-d7f840d9e026.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10327
x-amzn-requestid: 6b71b02f-f694-4dc5-a49d-8246a4ba0e95
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW2BmGzBIAMF6AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6a09-028b3d525ba3abe42b19ff0d;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:39:22 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: YHtixWCOatdxyX9UupsWdbdDLqDysgN1WnnPirI7Rw5sE_uRtYR4CQ==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:09:51 GMT
age: 31714
etag: "c3b4003e8f2b394ed8ad5e2d33fb04d6458a64c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4079fe41a14c57ac6160bdb654f6ef64
99d9cd4a1d423d776284f2d638763ebe33e247ad
218e38cf89853672bb8b24c1c53d58092a75827fb9f7aad02c8e4bbc02d44325
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5916
x-amzn-requestid: 86502622-4d93-4767-a7ab-b963bfc9900b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUHgjoAMFmug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-069ef5781ce60e9821010204;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: r9nGZ_sMvuN7uuq8utQofWNeZtbpZfPWOzrNkaBYrmWCV5KUtGzK4w==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:07 GMT
age: 33678
etag: "99d9cd4a1d423d776284f2d638763ebe33e247ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: CgU9j02Bnw0UdIwQ3sRCDvJoPitHIAUTRDhLH_PMXYlAPoAwSbv6Iw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 05:35:57 GMT
age: 4948
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe04ca104-da87-4364-a700-7fc01e351308.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe04ca104-da87-4364-a700-7fc01e351308.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30183c6c59b8fc603d77773182f50202
8942515b5abe11d1a81b19dcde4b525aa1d26671
d218a7991efd84f78d4ed1925ca943788de99f5b5558440593d648f2965ecfaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe04ca104-da87-4364-a700-7fc01e351308.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5408
x-amzn-requestid: 15377820-5f38-46a5-aa36-321322cef223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1hLEFVoAMF7wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f693a-1329e52e5c1c6ba738a79b2d;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:35:54 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: W7PHCc0jq1nFR55Hd8nBaUqlbnBzmOEYwLNc6p5FXDuBCo8msyq-iQ==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:50:16 GMT
etag: "8942515b5abe11d1a81b19dcde4b525aa1d26671"
content-type: image/jpeg
age: 32889
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
2.news-nasozu.com/revopush.js?v=4
193.108.118.54200 OK 10 kB URL HTTP/2 2.news-nasozu.com/revopush.js?v=4
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:17 GMT
etag: "639ae965-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/lands/53/css/style.css
193.108.118.54200 OK 6.8 kB URL HTTP/2 2.news-nasozu.com/lands/53/css/style.css
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/lands/53/images/spinning-circles2.svg
193.108.118.54200 OK 503 B URL HTTP/2 2.news-nasozu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/lands/53/images/video.gif
193.108.118.54200 OK 500 kB URL HTTP/2 2.news-nasozu.com/lands/53/images/video.gif
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/lands/53/js/device.js
193.108.118.54200 OK 7.4 kB URL HTTP/2 2.news-nasozu.com/lands/53/js/device.js
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/sw.js
193.108.118.54200 OK 4.3 kB IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:44 GMT
etag: "63f8e0d0-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
2.news-nasozu.com/favicon.ico
193.108.118.54200 OK 1.2 kB URL HTTP/2 2.news-nasozu.com/favicon.ico
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.2.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 26 Mar 2023 06:58:25 GMT
age: 5863838
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
3.news-nasozu.com/revopush.js?v=4
193.108.118.54200 OK 10 kB URL HTTP/2 3.news-nasozu.com/revopush.js?v=4
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:17 GMT
etag: "639ae965-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
193.108.118.54200 OK 14 kB URL HTTP/2 3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
Hash d0a8d5a6bbc51d5d43c0af079a6bab34
c117323064a50e2bd7415a5adaff5ce868d63220
a090646934daa1aa484e0f0479a075bce08cfef98a30cc483ec7432a31942528
GET /lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4= HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.news-nasozu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8; expires=Sun, 26-Mar-2023 07:58:26 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
3.news-nasozu.com/lands/53/images/spinning-circles2.svg
193.108.118.54200 OK 503 B URL HTTP/2 3.news-nasozu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-nasozu.com/lands/53/images/video.gif
193.108.118.54200 OK 500 kB URL HTTP/2 3.news-nasozu.com/lands/53/images/video.gif
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type GIF image data, version 89a, 320 x 180\012- data
Size 500 kB (500082 bytes)
Hash 2e59da03066a7854825901e0c1460b52
8d5aa04f252de7a85b8387051c1321338ac32d32
63412ff22ec2f712d6e82d34889a0a48948523dedd0bfce03bba69a19a9b4433
GET /lands/53/images/video.gif HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: image/gif
content-length: 500082
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-7a172"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-nasozu.com/lands/53/js/device.js
193.108.118.54200 OK 7.4 kB URL HTTP/2 3.news-nasozu.com/lands/53/js/device.js
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-nasozu.com/sw.js
193.108.118.54200 OK 4.3 kB IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:44 GMT
etag: "63f8e0d0-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
3.news-nasozu.com/favicon.ico
193.108.118.54200 OK 1.2 kB URL HTTP/2 3.news-nasozu.com/favicon.ico
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 3.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.2.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 26 Mar 2023 06:58:26 GMT
age: 5863838
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
4.news-nasozu.com/revopush.js?v=4
193.108.118.54200 OK 10 kB URL HTTP/2 4.news-nasozu.com/revopush.js?v=4
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (9954), with no line terminators
Hash fc284a0e5d580856ae4863715ad6733e
eb69f303c80ff8e44abc9601b8616c0cf92faafa
2240a1d10744494668058ba210d0d87203609def9fd69d2ac82092ebc79583c0
GET /revopush.js?v=4 HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 9954
last-modified: Thu, 15 Dec 2022 09:31:17 GMT
etag: "639ae965-26e2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-nasozu.com/lands/53/css/style.css
193.108.118.54200 OK 6.8 kB URL HTTP/2 4.news-nasozu.com/lands/53/css/style.css
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
Hash e847018357e35201fc307010d2f273d4
dc937966829b556914867618c050d9a071cbff7f
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
GET /lands/53/css/style.css HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: text/css
content-length: 6750
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1a5e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-nasozu.com/lands/53/images/spinning-circles2.svg
193.108.118.54200 OK 503 B URL HTTP/2 4.news-nasozu.com/lands/53/images/spinning-circles2.svg
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 14e6f9981fa27406176056df2451d27b
aa1b6fd6071391d0031bff2d74ae77347ec2fdb4
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/images/spinning-circles2.svg HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: image/svg+xml
content-length: 503
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1f7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
193.108.118.54200 OK 507 kB URL HTTP/2 4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
Size 507 kB (507221 bytes)
Hash 33cf062918b52cf4be45ff4b8c405061
c2426cdbfb16f722e7c77ad5ec12f7a8e2076cfd
1baf26e1c0b4979449fb4c3779c933fdb864499835794717216a01227d61e34b
GET /lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4= HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.news-nasozu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8; expires=Sun, 26-Mar-2023 07:58:26 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
4.news-nasozu.com/lands/53/js/device.js
193.108.118.54200 OK 7.4 kB URL HTTP/2 4.news-nasozu.com/lands/53/js/device.js
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type HTML document, ASCII text
Hash 46ce7a0522431a9a972b55b01bf0c1f1
263694d7c99de62fb4e9f4e9215ec9df92f16dc2
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
Analyzer Verdict Alert fortinet Phishing
GET /lands/53/js/device.js HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 7364
last-modified: Fri, 20 Aug 2021 13:24:46 GMT
etag: "611fad1e-1cc4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-nasozu.com/sw.js
193.108.118.54200 OK 4.3 kB IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type ASCII text, with very long lines (4286), with no line terminators
Hash 5a725e8f3453d50e7d5105d015eaad7e
60b9e2d121650005f4c0c0e4e01638f3c22f8225
f70f159259ede98f8a95bc29f27b230c3eb9b9fa3099992bc600e1c4656e70c4
Analyzer Verdict Alert fortinet Phishing
GET /sw.js HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: application/javascript
content-length: 4286
last-modified: Fri, 24 Feb 2023 16:07:44 GMT
etag: "63f8e0d0-10be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
4.news-nasozu.com/favicon.ico
193.108.118.54200 OK 1.2 kB URL HTTP/2 4.news-nasozu.com/favicon.ico
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 183cab2f5d4582ef71ae37efc8d458dd
7c230eba9c1ce7900ea9bbf53dde00ea068dc995
c96fb13d89231c5a743ca1826064cd884ed4ec629fd66f15c0dbcf173dfbbf3e
GET /favicon.ico HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Sat, 20 Jul 2019 16:00:28 GMT
etag: "5d333a9c-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
151.101.2.217200 OK 20 kB URL HTTP/2 browser.sentry-cdn.com/7.19.0/bundle.es5.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (62031)
Hash 1c6083f7ae34ed2fa3236569eec9ff56
0c1be1b5468042e65e02c8b886c50d26427c9ce7
2b1d69121eb9dc0629126ff02cf7acef2f1924b32b0bb654792ecd9101e10c44
GET /7.19.0/bundle.es5.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4.news-nasozu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Wed, 17 Jan 2024 10:07:47 GMT
last-modified: Thu, 10 Nov 2022 15:50:35 GMT
etag: "1c6083f7ae34ed2fa3236569eec9ff56"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Sun, 26 Mar 2023 06:58:26 GMT
age: 5863839
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 20174
X-Firefox-Spdy: h2
569g5.webout.life/
136.243.92.2200 OK 1.6 kB IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash a5a744c18869053a23d228450550ffa9
a6b832477e08354422b7dbeb55c3070fcb165e65
91093b7e6fcfac215ef2046f20843c0ae262ebbf4d15e7a05000a9b218e3722d
GET / HTTP/1.1
Host: 569g5.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-nasozu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: text/html; charset=UTF-8
content-length: 1565
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
569g5.webout.life/css/simple/adult.css
136.243.92.2200 OK 1.4 kB URL HTTP/2 569g5.webout.life/css/simple/adult.css
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 705203236440ac402d8efd21cf5b028a
8b19f75bfbf0ac0e330492f25575c1bd485ced73
941f2fbf92ab6c4bbdca2b920d21b7e94f5373460fd7c6653c8afd9fe6549c9d
GET /css/simple/adult.css HTTP/1.1
Host: 569g5.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://569g5.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: text/css
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-db2"
expires: Wed, 29 Mar 2023 06:58:27 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 63ca8c4e17e0b692d1829cd62b9af3af
d0bbecbe0b93ea21026898dbd13edee5fc071cb2
1208545ecf01edb7bcef0b3c288d9edd34d2034c7404ba68a64c2ef251cb42f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Mar 2023 06:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Mar 2023 06:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Mar 2023 06:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://569g5.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 160306
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://569g5.webout.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 160305
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
569g5.webout.life/js/jquery.js
136.243.92.2200 OK 181 kB URL HTTP/2 569g5.webout.life/js/jquery.js
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (65450), with CRLF line terminators
Size 181 kB (180794 bytes)
Hash 75b7145ce8bf822517240004476aad70
d75842b59ad7928fe894ebcc7b332ceb420c265c
b667dcda1e5570c4301165071f85d3f7aa8305a97d52a261aa4f3157f5c44c1a
GET /js/jquery.js HTTP/1.1
Host: 569g5.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://569g5.webout.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: application/javascript
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-15391"
expires: Wed, 29 Mar 2023 06:58:27 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b644abd1d83faa6f0327486dae33b18d
cb745aa55db6976159ef31ff8835e2b26fd32109
784e1b0a41a50629890a6fd6f58beb9f3a6eb5ba56aa35c671e5217d839aeeac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 26 Mar 2023 06:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
569g5.webout.life/site/set-cache
136.243.92.2200 OK 1 B URL HTTP/2 569g5.webout.life/site/set-cache
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /site/set-cache HTTP/1.1
Host: 569g5.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://569g5.webout.life/
Content-Type: application/json
Origin: https://569g5.webout.life
Content-Length: 226
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: text/html; charset=UTF-8
content-length: 1
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
193.108.118.54200 OK 0 B URL HTTP/2 2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
GET /lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4= HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.news-nasozu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
set-cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8; expires=Sun, 26-Mar-2023 07:58:25 GMT; Max-Age=3600; path=/
content-encoding: gzip
X-Firefox-Spdy: h2
2.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
193.108.118.54200 OK 0 B URL HTTP/2 2.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
GET /traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53 HTTP/1.1
Host: 2.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
4.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
193.108.118.54200 OK 0 B URL HTTP/2 4.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
GET /traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53 HTTP/1.1
Host: 4.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://4.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:26 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
172.217.21.170200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700,400i&subset=cyrillic
IP 172.217.21.170:0
GET /css?family=Roboto:300,400,700,400i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://569g5.webout.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 26 Mar 2023 06:58:27 GMT
date: Sun, 26 Mar 2023 06:58:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
realrb.bid/pushJs/AfiZqyoON.js
46.4.104.244200 OK 0 B URL HTTP/2 realrb.bid/pushJs/AfiZqyoON.js
IP 46.4.104.244:0
ASN #24940 Hetzner Online GmbH
GET /pushJs/AfiZqyoON.js HTTP/1.1
Host: realrb.bid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://569g5.webout.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: application/javascript
last-modified: Sun, 30 Oct 2022 14:36:06 GMT
etag: W/"635e8bd6-85d6"
expires: Sun, 26 Mar 2023 07:08:27 GMT
cache-control: max-age=600, public, must_revalidate
strict-transport-security: max-age=63072000
content-encoding: br
X-Firefox-Spdy: h2
569g5.webout.life/images/simple/adult/favicon.ico
136.243.92.2200 OK 0 B URL HTTP/2 569g5.webout.life/images/simple/adult/favicon.ico
IP 136.243.92.2:0
ASN #24940 Hetzner Online GmbH
GET /images/simple/adult/favicon.ico HTTP/1.1
Host: 569g5.webout.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://569g5.webout.life/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:27 GMT
content-type: image/x-icon
last-modified: Tue, 29 Mar 2022 11:54:01 GMT
etag: W/"6242f359-47e"
expires: Wed, 29 Mar 2023 06:58:27 GMT
cache-control: max-age=259200, public, must_revalidate
content-encoding: br
X-Firefox-Spdy: h2
mamapus.fun/DDmkjbF7
104.21.57.150302 Found 0 B IP 104.21.57.150:0
Analyzer Verdict Alert fortinet Phishing
GET /DDmkjbF7 HTTP/1.1
Host: mamapus.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://news-cahico.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 26 Mar 2023 06:58:23 GMT
content-type: text/html; charset=UTF-8
location: https://news-nasozu.com/tds.php?sid=8060072&p1=news-cahico.cc&domain=news-nasozu.com&p2=s8hnpa10430fu&p3=
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Sun, 26 Mar 2023 06:58:23 GMT
pragma: no-cache
set-cookie: _subid=s8hnpa10430fu;Expires=Wednesday, 26-Apr-2023 06:58:23 GMT;Max-Age=2678400;Path=/
_token=uuid_s8hnpa10430fu_s8hnpa10430fu641fed0fa751b9.57458732;Expires=Wednesday, 26-Apr-2023 06:58:23 GMT;Max-Age=2678400;Path=/
330d8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwNzBcIjoxNjc5ODEzOTAzfSxcImNhbXBhaWduc1wiOntcIjIzNVwiOjE2Nzk4MTM5MDN9LFwidGltZVwiOjE2Nzk4MTM5MDN9In0.V-B4d2tD6ByvJjH8IdBz7F12fKdDoP52EUjyd_7M5Js;Expires=Thursday, 18-Jun-2076 13:56:46 GMT;Max-Age=1679900303;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XB%2BRim1ArhPWigWWenDyXNv1XMCMZso4RT4JW9V%2FTsSjb2s8vnEYC32KvolJmA4E4F3xwyJfXqQNT8haopUwhpQepNe8hEh0DyevIGR3uB2UmcSMCU4b28b27nAEaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7add8141baeb0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
1.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
193.108.118.54200 OK 0 B URL HTTP/2 1.news-nasozu.com/traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53
IP 193.108.118.54:0
ASN #61003 GlobalTeleHost Corp.
GET /traffback.php?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=&land=53 HTTP/1.1
Host: 1.news-nasozu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.news-nasozu.com/lands/53/?site=8060072&sub1=news-cahico.cc&sub2=s8hnpa10430fu&sub3=&sub4=
Connection: keep-alive
Cookie: clickdata=ODA2MDA3Mnw6fDUzfDp8bmV3cy1jYWhpY28uY2N8OnxzOGhucGExMDQzMGZ1fDp8fDp8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 26 Mar 2023 06:58:25 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2