Report - go.goodlifestylenews.com/dummyarticleclickers_32024/26e362900356b1f0ab849cc484346480/55/leadsource/2390/1610/f41422652a5122476707c1a72b7208c6/mpmta/news/32024/17

Report Overview

Visited public
2023-12-04 23:55:14
Tags
URL
go.goodlifestylenews.com/dummyarticleclickers_32024/26e362900356b1f0ab849cc484346480/55/leadsource/2390/1610/f41422652a5122476707c1a72b7208c6/mpmta/news/32024/17
Finishing URL
subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
IP / ASN
172.67.172.49
#13335 CLOUDFLARENET
Title
Good Lifestyle News (MP) Flow

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-04 05:09:20	1.0 kB	49 kB	151.101.193.229
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-04 06:26:24	545 B	17 kB	216.58.207.227
s3.us-east-1.amazonaws.com	4041	2005-08-18	2017-11-22 15:47:32	2023-12-01 15:21:35	5.1 kB	1.3 MB	16.182.42.96
www.dropbox.com	1994	1995-06-28	2012-05-21 22:31:28	2023-12-04 12:35:56	1.1 kB	428 kB	162.125.71.18
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-04 07:58:24	449 B	94 kB	142.250.74.72
subscriberwelcome.com	unknown	2022-11-16	2022-11-16 14:05:54	2023-11-27 16:44:56	2.0 kB	2.9 MB	172.67.155.79
uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com	unknown	unknown	No data	No data	1.3 kB	427 kB	162.125.71.15
verifiedwebpage.com	unknown	2022-03-23	2022-03-23 19:03:14	2023-12-04 09:36:50	632 B	1.1 kB	188.114.96.1
go.goodlifestylenews.com	unknown	2020-07-10	2022-06-02 23:11:17	2023-11-26 05:20:40	916 B	1.7 kB	172.67.172.49
subscribe.goodlifestylenews.com	unknown	2020-07-10	2023-01-18 00:53:40	2023-11-26 05:19:50	2.8 kB	17 kB	104.21.30.61
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-04 08:14:01	458 B	34 kB	172.217.21.170
verifiedsecure.org	unknown	2015-12-08	2016-04-06 04:05:11	2023-12-04 05:13:54	882 B	38 kB	104.26.14.168
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-04 06:42:16	455 B	2.7 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 23:55:06	high	162.125.71.18	Client IP	ET POLICY Dropbox.com Offsite File Backup in Use
2023-12-04 23:55:07	low	162.125.71.15	Client IP	ET INFO DropBox User Content Download Access over SSL M2

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	goodlifestylenews.com	Sinkholed
2023-12-04	medium	goodlifestylenews.com	Sinkholed
2023-12-04	medium	goodlifestylenews.com	Sinkholed
2023-12-04	medium	goodlifestylenews.com	Sinkholed
2023-12-04	medium	goodlifestylenews.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:18 Times Seen25105 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	subscribe.goodlifestylenews.com/jquery.caret.js	ScriptElement	2.4 kB	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/jquery.caret.js IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen502 Hash 35c3ec8db4ff6e862db42516436216a1 7d9d7731403868cc34edaad1d9e17311541a6f77 adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba Loading...

	subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js	ScriptElement	26 kB	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 07:32 Times Seen504 Hash 0dbbb5873b895ea3be425af219cf85de 7b9dba563376d7dbd1c5b9b7064ab87eadad5591 02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-08	2025-04-29
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:35 Last Seen2025-04-29 17:26 Times Seen795 Hash c5236e5d6a5d0ff97ff8c8e5102c6c03 6fbfdbddbe85c578de559adcc8d07cccbc16d514 87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65 Loading...

	subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d	ScriptElement	152 B	2023-06-01	2024-08-20
Pretty URL subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 19:31 Last Seen2024-08-20 18:28 Times Seen446 Hash f428121d5a5fef65b4475cd12946bc04 ee95d8f82bdc0b8001fd8ffa74edd84d5640aa87 a27ebc0bf8c54f5e2c909f78d326d964e1555bae0254d575f6511b0dcc92ae12 Loading...

	subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d	ScriptElement	194 B	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash d7ae17d684ddcfa308369e402855826d d6da811e60cab233619e114e823ab9db7242bd5d e42a64d5a754498cd56f9079fd8e341c480ea2a15a6060e00924814586f8c44f Loading...

	subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d	ScriptElement	641 B	2023-05-08	2024-08-21
Pretty URL subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-08 14:36 Last Seen2024-08-21 06:57 Times Seen501 Hash c2855664f7a14ee99090a0366d9d1e03 35ba8e0f5b5181a8df832c0e12774a761d465dda bf66df111d26d4ef5b3e5df0f4df141fe5d7632260cb83308bfed72caf323af0 Loading...

	subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty URL subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d IP 104.21.30.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash 5c1c7b1aa1e29528c820c77586d22479 22e297deeac83110eee1e5c1900e56ea9ea158e7 8033064c029a7463b7f300ac7d353ea63803c324209a51493934f06b0ed2e663 Loading...

	www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8	ScriptElement	280 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:55 Last Seen2023-12-05 00:55 Times Seen2 Hash 052621e7fd14e0c1b670372491859082 a21b691c1a34a6b8cd337e7ed9dc5ed611a21899 8e8249a2b0081a3dec6d7c2e38202370f774744cf2e3de032ff20bdd7b332ae1 Loading...

HTTP Transactions (33)

URL IP Response Size

go.goodlifestylenews.com/

172.67.172.49

143 B

URL
go.goodlifestylenews.com/
IP
172.67.172.49:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text
Size
143 B (143 bytes)
Hash
f1fb042c62910c34be16ad91cbbd71fa
5bc7aceba9a8704ef4b1d427d7d08b140afcd866
9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: go.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:54:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Nov 2023 15:41:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KALyilgSbNL%2BoLmf8Wvt6MAg%2Fqgd6LFA7TzqHU6SALbTy8axz8uSFjTm0%2F1eAiZHvGNhHfyVgM6S4E2mcLrzpbBJ9VcXTptp0rKL4ZsYBWW8JokMO%2F6hvBRI7ssGGWcqSuGTWl1PkWuQnXU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8307fa434a137131-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

104.21.30.61

200 OK

7.4 kB

URL User Request GET HTTP/1.1
subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
IP
104.21.30.61:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (393)
Size
7.4 kB (7444 bytes)
Hash
623b5a73c69b07032deec3fd33697aa8
5ac6316b11fdc9bae472bc9e35d81902e6a309d7
ac2ae08eccac33ceb7d5a3ed4ebb6c0571c5a6d314188b76c75ebe2d083ed2fb

HTTP Headers

GET /?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=8abd8bc5aae15982e1ee5466eee43de2
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:55:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phCyFEhswL5MA5lVziSJRwo3sFjyy5H24LhjBUCXYK9F5HkmPPmLn5d4PRnYNw%2BbfdWVjckxxQ7lx8zwzQes1JbvwFXBVzabNIVecXfQTh6maG5ai9Ajr1G7Ahrkw1kuQAX1LV%2BCxovS0Er%2F3p1tSpNI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8307fa47ccdd56c3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css

151.101.193.229

200 OK

30 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65305)
Size
30 kB (30336 bytes)
Hash
025df1ec88740cad5ff14bb3380da6dd
7abed070e37ce060c0a561575f1d41a7f248fc74
2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"2f955-er7QcON84GDApWFXXx1Bp/JI/HQ"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 23:55:00 GMT
age: 22848914
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js

151.101.193.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (60201)
Size
17 kB (17366 bytes)
Hash
c5236e5d6a5d0ff97ff8c8e5102c6c03
6fbfdbddbe85c578de559adcc8d07cccbc16d514
87538c4b7e488f5a49d12f98d6a04afc61d00f26a790f319569799acd434eb65

HTTP Headers

GET /npm/bootstrap@5.2.2/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.2
x-jsd-version-type: version
etag: W/"ec40-b7/b3b6FxXjeVZrcyNB8zLwW1RQ"
content-encoding: br
accept-ranges: bytes
date: Mon, 04 Dec 2023 23:55:00 GMT
age: 8447427
x-served-by: cache-fra-etou8220032-FRA, cache-bma1668-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17366
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

172.217.21.170

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1.11.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 20:29:25 GMT
expires: Tue, 03 Dec 2024 20:29:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12335
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8

142.250.74.72

200 OK

93 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-WJJ5P9F2X8
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
93 kB (93095 bytes)
Hash
052621e7fd14e0c1b670372491859082
a21b691c1a34a6b8cd337e7ed9dc5ed611a21899
8e8249a2b0081a3dec6d7c2e38202370f774744cf2e3de032ff20bdd7b332ae1

HTTP Headers

GET /gtag/js?id=G-WJJ5P9F2X8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 23:55:00 GMT
expires: Mon, 04 Dec 2023 23:55:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93095
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

subscribe.goodlifestylenews.com/jquery.caret.js

104.21.30.61

200 OK

716 B

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/jquery.caret.js
IP
104.21.30.61:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

File type
ASCII text, with CRLF line terminators
Size
716 B (716 bytes)
Hash
35c3ec8db4ff6e862db42516436216a1
7d9d7731403868cc34edaad1d9e17311541a6f77
adef482d97f599ba0e720ecf2aba0581ea1591ba1bb1eb271f1d98b279ff81ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery.caret.js HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Cookie: PHPSESSID=8abd8bc5aae15982e1ee5466eee43de2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:55:00 GMT
Content-Type: application/javascript
Content-Length: 716
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT
Cache-Control: max-age=2592000
Expires: Wed, 03 Jan 2024 23:55:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f84%2FbJ5%2FHqeB5Y7uzMsl6hjzLAzFtTJfyZq5AC5OiP4WmFZ5DcRm%2BmLA64KToq5X%2Flqdh2IYo%2F1UEpH%2B51TfqV%2BRvkM1%2Ft924fxrhu9QCE6IVXXMG4rFlDkn9hzP1uyZ7cl20ogj570KAk1qOCWW4g3N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8307fa5198b556c3-OSL
alt-svc: h2=":443"; ma=60

subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js

104.21.30.61

200 OK

4.4 kB

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/jquery.mobilePhoneNumber.js
IP
104.21.30.61:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

File type
ASCII text
Size
4.4 kB (4430 bytes)
Hash
0dbbb5873b895ea3be425af219cf85de
7b9dba563376d7dbd1c5b9b7064ab87eadad5591
02cbbdeb2244fd2855c49ab964c15001bde126c21cc5890d176c537878d6152b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jquery.mobilePhoneNumber.js HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Cookie: PHPSESSID=8abd8bc5aae15982e1ee5466eee43de2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:55:01 GMT
Content-Type: application/javascript
Content-Length: 4430
Connection: keep-alive
Last-Modified: Tue, 21 Feb 2023 09:39:45 GMT
Cache-Control: max-age=2592000
Expires: Wed, 03 Jan 2024 23:55:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJN5JE1I82zfZ1Df2B%2BXYHZ4TE3APQnhY%2B4yTWVQeOzRxYlF8PSed9IrvkQ%2BJgM5k0%2BI45s2UFe1MRdczE3CPXuuqjrQJv4pAt9BeeMVCJqH8e8iCiJnMLjgtbrwOXerbpnjqsvZNTdmO8MIc%2F2iS%2FAd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8307fa5199da5685-OSL
alt-svc: h2=":443"; ma=60

subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg

172.67.155.79

200 OK

400 kB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.204734001673521892LifeAfterUkraine.jpeg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2550x3300, components 3\012- data
Size
400 kB (400505 bytes)
Hash
b9a9621a927a5b9a9c71fdbb53bf8991
9c4cc398edb33da6a79e62701867cbf7fed4056d
d0342e1b39e1c9b80bfb574b18e0a5d9f9cf00e00ca7cf3b2ce1ded70f3bb9ab

HTTP Headers

GET /uploads/0.204734001673521892LifeAfterUkraine.jpeg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:55:01 GMT
content-type: image/jpeg
content-length: 400505
last-modified: Thu, 12 Jan 2023 11:11:32 GMT
cache-control: max-age=2592000
expires: Tue, 26 Dec 2023 04:19:52 GMT
cf-cache-status: HIT
age: 761708
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlC8MHPNtdp%2FtZK9p2kKAt6a%2BqdnLn5SK8kBG2Znjs1WIjqUYWPyEZhUleRUitrKmQWf4EErhuZPzm%2BnPAMgNnuvhiafsEarSHEbIiGwamvkk3oyVCdHFC8G2KktnyEB10CbCsPCSCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307fa537869712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg

172.67.155.79

200 OK

144 kB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 966x1449, components 3\012- data
Size
144 kB (144253 bytes)
Hash
e7eb0da863b2d3ead5846cdc3263a233
138225ea3d8ff08f07b046b858bf46bf2bba2e96
ff19a64983ac2748d6b8361212f1fc41814e1acd0d157ee9c736bbd2a4a03180

HTTP Headers

GET /uploads/0.4350600016769076711fa4a4d9-a4f8-451c-8bdc-8c541c15cb77.jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:55:01 GMT
content-type: image/jpeg
content-length: 144253
last-modified: Mon, 20 Feb 2023 15:41:11 GMT
cache-control: max-age=2592000
expires: Sun, 31 Dec 2023 20:39:28 GMT
cf-cache-status: HIT
age: 270933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hf%2FPahz3a0QcKN9dNyyeuRFDEXsaHhXQxG84w%2F9mnQCbk1%2FsRWaG1yHpo5aP6INSOhq5NsiS%2B4wWM3E8o0K%2BsAa9svIzlXWi8PfO79t9ZusPR7tHtFJFMZ7mgIrT2AJ3bv8KvXbOGI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307fa53e8ae712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg

172.67.155.79

200 OK

1.1 MB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.1663680016738854302D2(1).jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:10 16:36:41], baseline, precision 8, 1800x2700, components 3\012- data
Size
1.1 MB (1114284 bytes)
Hash
b02e84cdcd5a3e55ded5e64dfd307124
bfaad4b8b4b1b1fafffeda314b8868c94e7280c8
d67985993c18e2a7b22a4193c0613a65096b3376d64539feb646739798d2cf5c

HTTP Headers

GET /uploads/0.1663680016738854302D2(1).jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:55:01 GMT
content-type: image/jpeg
content-length: 1114284
last-modified: Mon, 16 Jan 2023 16:10:30 GMT
cache-control: max-age=2592000
expires: Sun, 31 Dec 2023 20:39:28 GMT
cf-cache-status: HIT
age: 270933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hkIkMuTeZIQoUHYXQcEAMSB2xqlPfc4rSgywob3jWH7PMZQnRUu3m1a%2FCBsNMUbhpAYsZ73%2F5i0KtwCrEXpZCriZSAVVcVxhgzrDXp2bUE%2B63QgFbW%2BducXxnX99vMKWq63GQ2v2ME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307fa53886f712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg

172.67.155.79

200 OK

1.3 MB

URL GET HTTP/2
subscriberwelcome.com/uploads/0.1721950016738853872D1(1).jpg
IP
172.67.155.79:443
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectsubscriberwelcome.com
FingerprintC6:7F:1F:89:8E:A5:44:AC:06:4D:BF:22:DF:3C:A1:81:D5:ED:C8:12
ValiditySat, 11 Nov 2023 03:06:35 GMT - Fri, 09 Feb 2024 03:06:34 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.0 (Windows), datetime=2023:01:07 00:05:06 DIY-Thermocam raw data\012- (Lepton 2.x), scale 10000-0, spot sensor temperature 0.000000, unit fahrenheit, color scheme 0, calibration: offset 0.000000, slope 795520.062500], baseline, precision 8, 1800x2700, components 3\012- data
Size
1.3 MB (1288007 bytes)
Hash
91e68c3d20f4e55b01fdbaa834b4e4e6
e54e4ea7f042d2124aa1be976a6fe9d708bb4f9f
3cab775e25b68c23b905d547373476f046b0101e7cfdbd6f016e302f5a429988

HTTP Headers

GET /uploads/0.1721950016738853872D1(1).jpg HTTP/1.1
Host: subscriberwelcome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:55:01 GMT
content-type: image/jpeg
content-length: 1288007
last-modified: Mon, 16 Jan 2023 16:09:47 GMT
cache-control: max-age=2592000
expires: Sun, 31 Dec 2023 20:39:28 GMT
cf-cache-status: HIT
age: 270933
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IT%2F63xFIarSMn2lh75Tcy7YUwLut8POwQ9t7bs8ADTsSmAl3gBVeZh5DAGfYAnpPDfbmwj4kFtiMhA0YfaLK3ldD%2BotFjaoEEEil%2BSTGSf%2FZOhFHUj%2BUl%2FKVrzKLmcH%2B2tp0uHs7gvg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307fa53d8a7712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png

104.26.14.168

302 Found

251 B

URL GET HTTP/1.1
verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
IP
104.26.14.168:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
73816d82cca56c187674258ec5b7bd5a
cd989502a8b941226bb7e5ddc0ff0b62621e701f
cc2b540f494c9f0eb7c7f31880eec48518729e92ffa9e7081eb70193baa985a5

HTTP Headers

GET /uploads/0.442373001673954581K_Sa3Nyg.png HTTP/1.1
Host: verifiedsecure.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Mon, 04 Dec 2023 23:55:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
Cache-Control: max-age=14400
Expires: Tue, 05 Dec 2023 00:05:02 GMT
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3yy0FQZE9%2BgPWYPPGE%2Fjsu9nvOxiCtU6Sc%2Bfg4OkIjMJlyTESxVbZwjqK3Das4X4fIjGVWP23D428nIxg2LwqEm5yiFuI7FRl1RjKOUAwCjtwiYYK05M7qz%2Flisdsgkv2c5Yuw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8307fa534f5c1c02-OSL
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://subscribe.goodlifestylenews.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 413847
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png

104.26.14.168

302 Found

36 kB

URL GET HTTP/1.1
verifiedsecure.org/uploads/0.442373001673954581K_Sa3Nyg.png
IP
104.26.14.168:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

File type
PNG image data, 3369 x 257, 8-bit/color RGBA, non-interlaced\012- data
Size
36 kB (35781 bytes)
Hash
724c1e2ab214eefe0271ee598af8749a
b99bb085dd791488b061c423223318345c590f24
bba2a6dbda4e6833f68c21d84c0f9a09180ae9595b238c982da300cf448ab78c

HTTP Headers

GET /uploads/0.442373001673954581K_Sa3Nyg.png HTTP/1.1
Host: verifiedsecure.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:55:01 GMT
content-type: image/png
content-length: 35781
last-modified: Tue, 17 Jan 2023 11:23:01 GMT
cache-control: max-age=2592000
expires: Tue, 26 Dec 2023 04:19:54 GMT
cf-cache-status: HIT
age: 761708
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoOAsmpNtH8mzpqlMHtodPM4Ikb5DgfuRrJE%2FPfwRUFTXvp2kt8ieG%2FQYRv5Vg6D7WFa664z%2FIw%2FWO%2F%2BtfJGIDaYCRDU4sQoECTMIOV0PG%2B8zrLRsefWen%2F8TSWJLdxmGjwGBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307fa561c7256a2-OSL
X-Firefox-Spdy: h2

s3.us-east-1.amazonaws.com/autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e

16.182.42.96

200 OK

7.4 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 275x183, components 3\012- data
Size
7.4 kB (7411 bytes)
Hash
aefbfa5028cf4f49960baf1f0ac4fb01
bfa2ff78725054e6c544c180b4da32b57450f62b
fa41866d7c80c8076fea67cdc7e643e59c73bbb99a7d410b667b937ae5c6e12e

HTTP Headers

GET /autonewsuploads/Bank.jpg0a40ddf619e4a3ad57e0b7f317e86be716974591564f2c0539f6c695e61cacb24bb387346e HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: pAd/LfkbH/uXGdfU8IRY8Rts5zPoKRmus3rw7EEYFnja6l4LmA7uSrRtiI3unB0ujZeEHCZ5Npg=
x-amz-request-id: EV5J1VC506YD3R2X
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Mon, 16 Oct 2023 12:25:58 GMT
ETag: "aefbfa5028cf4f49960baf1f0ac4fb01"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 7411

s3.us-east-1.amazonaws.com/autonewsuploads/1_UDPtLHUTpusvLU623P8Q4w.jpgfa03f59feb5aafc96914e60f203723bd1701175864706fbe0323bed4fe7bfbea63c80b4bd2

16.182.42.96

200 OK

37 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/1_UDPtLHUTpusvLU623P8Q4w.jpgfa03f59feb5aafc96914e60f203723bd1701175864706fbe0323bed4fe7bfbea63c80b4bd2
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=7, orientation=upper-left, xresolution=194, yresolution=202, resolutionunit=2], baseline, precision 8, 700x407, components 3\012- data
Size
37 kB (36685 bytes)
Hash
7dc0970c94d38362656a685966e8c51a
5f84d80b99d5126a08a6b683388f10537a111fa6
3abfc8a4ce739fdad6298c4b77e601bcf668d60e2d88de26b1d0f8977edc9d1e

HTTP Headers

GET /autonewsuploads/1_UDPtLHUTpusvLU623P8Q4w.jpgfa03f59feb5aafc96914e60f203723bd1701175864706fbe0323bed4fe7bfbea63c80b4bd2 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: R63t8nJu9QqX6tBJHN6lqBdriAf190WVwIqK8FgYp8NW7sEPFBqUMEkXlO6Otn4i+6oZMGbymPU=
x-amz-request-id: EV5TYVR10D8FT29F
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Tue, 28 Nov 2023 12:51:05 GMT
ETag: "7dc0970c94d38362656a685966e8c51a"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 36685

s3.us-east-1.amazonaws.com/autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39

16.182.42.96

200 OK

62 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, comment: "Converted from WebP to JPG using ezgif.com", baseline, precision 8, 1280x918, components 3\012- data
Size
62 kB (61682 bytes)
Hash
69ffe21ab69a1f498139801e2fc5f354
191bbdbe52cadfe052b4e47b939ad7153b30b7a5
3e0ffd80bd501e99f6b6ba95b9702232a54576fce0335989ad12947e42b68f9a

HTTP Headers

GET /autonewsuploads/ezgif-5-47919b4e02.jpgffb0eb30c8d21b616192c59bd9b267b01695206154bb376183b29959874d4a6ac12b7f8c39 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: j6QIxJjOoAPLkgTGf18O2NaRCJb7lpUK25sJ1pRcXa7UIsHH8zaSDCyypYHTQEpu3uaxTShmpFA=
x-amz-request-id: EV5Z12468PBHD17R
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Wed, 20 Sep 2023 10:35:55 GMT
ETag: "69ffe21ab69a1f498139801e2fc5f354"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 61682

s3.us-east-1.amazonaws.com/autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c

16.182.42.96

200 OK

204 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 1406x874, components 3\012- data
Size
204 kB (203815 bytes)
Hash
6a6adfe1bedc4da72b469a28d4e46116
3de5b170433f48069754754669399303541edd93
78072f4da7459db2a9a896a335a876ccf2b0cbc20b4cd06674bf8ceacf41e499

HTTP Headers

GET /autonewsuploads/oil%20stockkk.jpg0f79d7c6521fdc129b15c3b9aa1c3496168441041164a5612a54233b64b4245e271fc79d2c HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: R1ppEnKSL7uecCxe1lYL2pu2NmeCdiVcSndM/rM/guP78WoN0irsss7KjxaWh7ovgAbNYQT2t1E=
x-amz-request-id: EV5QAGDJJ0C03TW8
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Thu, 18 May 2023 11:46:53 GMT
ETag: "6a6adfe1bedc4da72b469a28d4e46116"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 203815

s3.us-east-1.amazonaws.com/autonewsuploads/brain-question-mark-alzheimer-s-dementia.jpgd3b9145894056faa4166415e15d2be961694430315df6c7fe88b91f8023a79c5227f87ce7d

16.182.42.96

200 OK

57 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/brain-question-mark-alzheimer-s-dementia.jpgd3b9145894056faa4166415e15d2be961694430315df6c7fe88b91f8023a79c5227f87ce7d
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 910x411, components 3\012- data
Size
57 kB (56708 bytes)
Hash
e74025bd2eecb8252ceac3a05afebc14
4755887ea49ca99ffa88969ba3cfe477964bb657
9f6e0e7c57d4d0e44e8f78f3e869bdae21018fada51f0aebd517b7d1ddb4ad8f

HTTP Headers

GET /autonewsuploads/brain-question-mark-alzheimer-s-dementia.jpgd3b9145894056faa4166415e15d2be961694430315df6c7fe88b91f8023a79c5227f87ce7d HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: N5Gq3LLWGGM6UkflYKtpU8cGE81cDkeRSt/4jLW/vJ67nmyBfDr+0j+j+y+oarR0Xh6a4VFNeGY=
x-amz-request-id: EV5TYA2M8WAGEWH1
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Mon, 11 Sep 2023 11:05:16 GMT
ETag: "e74025bd2eecb8252ceac3a05afebc14"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 56708

s3.us-east-1.amazonaws.com/autonewsuploads/Pain.jpgdc109b002c390d3333aeb8ed25f423381697713046c394d3bafefd79d3e47b28186ccf892b

16.182.42.96

200 OK

5.5 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/Pain.jpgdc109b002c390d3333aeb8ed25f423381697713046c394d3bafefd79d3e47b28186ccf892b
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 259x194, components 3\012- data
Size
5.5 kB (5455 bytes)
Hash
f925a32a84eb8a6b3302437703102009
4ad5b8c0f159ff9cf76edbe932c5675eac845663
277d5d412a0e6d9691818b66f7455e65cea84f71f4b08efe9aef0b0a82281ecf

HTTP Headers

GET /autonewsuploads/Pain.jpgdc109b002c390d3333aeb8ed25f423381697713046c394d3bafefd79d3e47b28186ccf892b HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /wqzRMzBeNM4rfohigPugbhjhpDfKltxXg5KiDa2FlJ/sKRPlki/IegLXQBzOhrs/U33FoWgmz0=
x-amz-request-id: EV5ZHMR2QF8ZGP70
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Thu, 19 Oct 2023 10:57:25 GMT
ETag: "f925a32a84eb8a6b3302437703102009"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 5455

s3.us-east-1.amazonaws.com/autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3

16.182.42.96

200 OK

134 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 1023x819, components 3\012- data
Size
134 kB (134207 bytes)
Hash
becdf93dc43f24fb0ff3f43e2b90fd2e
4345bb2bbd92eee71e9cf26a2043255de44e80b5
61ce6d67e1a594135330a6a8a1f17ff27d0adbfe00d7dd32fc0cdb8644fdaa22

HTTP Headers

GET /autonewsuploads/6942088868_1268d22cc6_b.jpg64ae2dee0d573a126daead9ca43b45a71701175677a0a6fd4a7d678dc4b10a8b0a442d79d3 HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: m3vTPEkJTu/IfksjTjXQd0vVxDYor5HOCmGzlQiDpwj/xFbUgwcGAJyGTBu9r1bknenR3l2DJes=
x-amz-request-id: EV5W4HWJQD04NYXT
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Tue, 28 Nov 2023 12:47:59 GMT
ETag: "becdf93dc43f24fb0ff3f43e2b90fd2e"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 134207

s3.us-east-1.amazonaws.com/autonewsuploads/44579666601_42d8534793_b.jpg7f20bb04d7172eee0a908a14e79933fd170004983415442e74691c82db8b712aecd73961fa

16.182.42.96

200 OK

270 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/44579666601_42d8534793_b.jpg7f20bb04d7172eee0a908a14e79933fd170004983415442e74691c82db8b712aecd73961fa
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 56x56, segment length 16, baseline, precision 8, 1024x586, components 3\012- data
Size
270 kB (269886 bytes)
Hash
d5c34e173a5ca5387e2e3613874af0bd
61a399dd3e4a66284c6a0245f61cb18bab531e6e
13683ee8262e8789b60daeb8801acbc27efc650d707c0d98521c1bf3d641830e

HTTP Headers

GET /autonewsuploads/44579666601_42d8534793_b.jpg7f20bb04d7172eee0a908a14e79933fd170004983415442e74691c82db8b712aecd73961fa HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: WOa5p5oq2mlsZLLB2J60uLO/lxLjTUsNuqqzs5eXXbvSYEiYk+Mu9/XDaCXSv4pF+sN/QAnT+rU=
x-amz-request-id: EV5PPSDJ7B1MAJ28
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Wed, 15 Nov 2023 12:03:52 GMT
ETag: "d5c34e173a5ca5387e2e3613874af0bd"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 269886

s3.us-east-1.amazonaws.com/autonewsuploads/a-stirring-depiction-of-elon-musk-clad-in-classic-mma-gear-throwing-a-punch-wi-itmc4evu.jpeg933bd6b557d44afce69efb0cfe2d4737170074687213b948a933c643954c82d8a78828e16c

16.182.42.96

200 OK

551 kB

URL GET HTTP/1.1
s3.us-east-1.amazonaws.com/autonewsuploads/a-stirring-depiction-of-elon-musk-clad-in-classic-mma-gear-throwing-a-punch-wi-itmc4evu.jpeg933bd6b557d44afce69efb0cfe2d4737170074687213b948a933c643954c82d8a78828e16c
IP
16.182.42.96:443
ASN
#0

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerAmazon
Subjects3.amazonaws.com
FingerprintA6:0A:22:E1:56:35:ED:0D:1D:46:99:79:4D:17:07:70:1F:EE:1D:B6
ValidityTue, 10 Oct 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 4368x2448, components 3\012- data
Size
551 kB (551284 bytes)
Hash
38f25a132b00ce95958ffe1a19a73b4d
d1d0eb23050fe77cfd735bc419e1e9c68ebaa7a7
6199885a9e56d247710d81b2d1b1acf8b1259e46120b2f384e5ffaa146334985

HTTP Headers

GET /autonewsuploads/a-stirring-depiction-of-elon-musk-clad-in-classic-mma-gear-throwing-a-punch-wi-itmc4evu.jpeg933bd6b557d44afce69efb0cfe2d4737170074687213b948a933c643954c82d8a78828e16c HTTP/1.1
Host: s3.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: NTl7TBZp28KRrIFJSkuBUGcVFnUir/cvSBb86rwHfO0X2G3xTHWo7pu10wPiVBJqUnCBh50x+0A=
x-amz-request-id: EV5Q03TGMZG99DR9
Date: Mon, 04 Dec 2023 23:55:02 GMT
Last-Modified: Thu, 23 Nov 2023 13:41:14 GMT
ETag: "38f25a132b00ce95958ffe1a19a73b4d"
x-amz-storage-class: REDUCED_REDUNDANCY
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 551284

subscribe.goodlifestylenews.com/favicon.ico

104.21.30.61

404 Not Found

238 B

URL GET HTTP/1.1
subscribe.goodlifestylenews.com/favicon.ico
IP
104.21.30.61:80
ASN
#13335 CLOUDFLARENET

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Cookie: PHPSESSID=8abd8bc5aae15982e1ee5466eee43de2; _ga_WJJ5P9F2X8=GS1.1.1701734107.1.0.1701734107.0.0.0; _ga=GA1.1.2065894159.1701734107
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 23:55:02 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dTLB%2BEkX%2FJF7BAyEC8kfjwncuUpqMj0E05OMkBpajqDO5VENAj0QYjr89oIev%2BBCQQOvY8HMECTEbONDCW6pgCAjyUvK7zrkTDwcvMQc2RAnn%2BvKmRgrv5CGuSsRFR7KKYlIs0LXHqgFkj%2FiTF9DtLlY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8307fa5a2d695685-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com/cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1

162.125.71.15

213 kB

URL
uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com/cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1
IP
162.125.71.15:0
ASN
#19679 DROPBOX

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
213 kB (212787 bytes)
Hash
670520755720fa053a763b3c20791e04
7dc82546a7444f1e3ed621b703024e560869fb67
eb16e6d2538f2306436b16cb9df8141305667c8c85bccea6be19ce148f1e23d0

HTTP Headers

GET /cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1 HTTP/1.1
Host: uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="BidenBucks07#7.jpg"; filename*=UTF-8''BidenBucks07%237.jpg
content-security-policy: sandbox
etag: 1675266162900395d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 230
x-webkit-csp: sandbox
content-type: application/binary
date: Mon, 04 Dec 2023 23:55:02 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 212787
x-dropbox-response-origin: far_remote
x-dropbox-request-id: f732d7c8b0774a74ab03affc103d6d40
X-Firefox-Spdy: h2

verifiedwebpage.com/go?ehash=26e362900356b1f0ab849cc484346480&product=35341&ar=55&cid=2390&lid=1610&slhash=f41422652a5122476707c1a72b7208c6&redirect_id=32024&bid=17

188.114.96.1

302 Found

0 B

URL User Request GET HTTP/2
verifiedwebpage.com/go?ehash=26e362900356b1f0ab849cc484346480&product=35341&ar=55&cid=2390&lid=1610&slhash=f41422652a5122476707c1a72b7208c6&redirect_id=32024&bid=17
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectverifiedwebpage.com
Fingerprint0D:F8:EF:F4:23:CD:FB:7E:DE:C7:29:3C:B4:F7:A4:CE:6A:FB:89:AB
ValiditySat, 14 Oct 2023 13:52:56 GMT - Fri, 12 Jan 2024 13:52:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go?ehash=26e362900356b1f0ab849cc484346480&product=35341&ar=55&cid=2390&lid=1610&slhash=f41422652a5122476707c1a72b7208c6&redirect_id=32024&bid=17 HTTP/1.1
Host: verifiedwebpage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 04 Dec 2023 23:54:57 GMT
content-type: text/html; charset=UTF-8
location: https://subscribe.goodlifestylenews.com?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=bccc2dd90abb0ea1133b660491d2cce7; path=/
pixel_session_hash_35341=3415202737506910170; expires=Wed, 03-Jan-2024 23:54:57 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_35341=40692055e34e4015d9526b48af0d5c9d6591bc908cbe74aafb2f614840e0a4cb; expires=Wed, 06-Dec-2023 23:54:57 GMT; Max-Age=172800
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hfd5xnUiLq9ZZq69grNZIcABMA4QjQ1j0PUujMGZTs3Udv1hBm2Ga76QBoHEDob3yEmrVncThf0qaDox7UwhZAWCE4C9EFSODhU7enQqiBAJVdoZUPCWwCPxZErkI%2FtLXvitPMhI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307fa35cdf956b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

go.goodlifestylenews.com/dummyarticleclickers_32024/26e362900356b1f0ab849cc484346480/55/leadsource/2390/1610/f41422652a5122476707c1a72b7208c6/mpmta/news/32024/17

172.67.172.49

302 Found

0 B

URL User Request GET HTTP/2
go.goodlifestylenews.com/dummyarticleclickers_32024/26e362900356b1f0ab849cc484346480/55/leadsource/2390/1610/f41422652a5122476707c1a72b7208c6/mpmta/news/32024/17
IP
172.67.172.49:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoodlifestylenews.com
Fingerprint6F:1A:61:CC:60:1F:26:F1:38:1B:42:D6:62:31:00:BC:39:7F:73:8B
ValidityFri, 24 Nov 2023 10:01:12 GMT - Thu, 22 Feb 2024 10:01:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dummyarticleclickers_32024/26e362900356b1f0ab849cc484346480/55/leadsource/2390/1610/f41422652a5122476707c1a72b7208c6/mpmta/news/32024/17 HTTP/1.1
Host: go.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 04 Dec 2023 23:54:56 GMT
content-type: text/html; charset=UTF-8
location: https://verifiedwebpage.com/go?ehash=26e362900356b1f0ab849cc484346480&product=35341&ar=55&cid=2390&lid=1610&slhash=f41422652a5122476707c1a72b7208c6&redirect_id=32024&bid=17
cache-control: max-age=600
expires: Tue, 05 Dec 2023 00:04:56 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=567sOdOVdMu9w%2FX6N86qTl97Tn5kLNZ%2F2WJc40QrQ%2F2VEADYvuSj1zyGFh%2FFuFig9NBIvCPVwyMyJVjoahTWlfHmDkOFbmLxUavceY5oCKwJtKCrdyr18wO1Nxpee6pLk%2B6YFoO1GCOkfXo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307fa30daad7127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

162.125.71.15

200 OK

213 kB

URL GET HTTP/2
uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com/cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1
IP
162.125.71.15:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerDigiCert Inc
Subjectdl.dropbox.com
FingerprintF7:BA:5F:D1:73:A5:04:E6:AC:52:C4:92:6F:20:23:8D:FD:B3:3F:D0
ValidityTue, 14 Feb 2023 00:00:00 GMT - Sat, 16 Mar 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
213 kB (212787 bytes)
Hash
670520755720fa053a763b3c20791e04
7dc82546a7444f1e3ed621b703024e560869fb67
eb16e6d2538f2306436b16cb9df8141305667c8c85bccea6be19ce148f1e23d0

HTTP Headers

GET /cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1 HTTP/1.1
Host: uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="BidenBucks07#7.jpg"; filename*=UTF-8''BidenBucks07%237.jpg
content-security-policy: sandbox
etag: 1675266162900395d
pragma: public
referrer-policy: no-referrer
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 230
x-webkit-csp: sandbox
content-type: application/binary
date: Mon, 04 Dec 2023 23:55:02 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 212787
x-dropbox-response-origin: far_remote
x-dropbox-request-id: f732d7c8b0774a74ab03affc103d6d40
X-Firefox-Spdy: h2

subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17

172.67.172.49

302 Found

0 B

URL User Request GET HTTP/3
subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17
IP
172.67.172.49:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgoodlifestylenews.com
Fingerprint6F:1A:61:CC:60:1F:26:F1:38:1B:42:D6:62:31:00:BC:39:7F:73:8B
ValidityFri, 24 Nov 2023 10:01:12 GMT - Thu, 22 Feb 2024 10:01:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17 HTTP/1.1
Host: subscribe.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Mon, 04 Dec 2023 23:54:58 GMT
content-type: text/html; charset=UTF-8
location: https://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=8abd8bc5aae15982e1ee5466eee43de2; path=/
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IziMRVy6pNoydQmvFVIeSvbm%2FzVDvEEw6uKu0urfxsl863uYGj8dASBD4kBDKgiwmimUrWRUwmyqakfmB1k%2Bd0HyU%2BnWzyjYUWH8BsUCAUgyn1aQKjOb0hCUwqD8iRQJXIR8ez7rb1oWtrFfVhDjszGO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307fa3b18bf5690-OSL
alt-svc: h3=":443"; ma=86400

www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1

162.125.71.18

302 Found

213 kB

URL GET HTTP/2
www.dropbox.com/s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1
IP
162.125.71.18:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerDigiCert Inc
Subject*.dropbox.com
Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43
ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type

Size
213 kB (212787 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/9kywb1xfr244qtl/BidenBucks07%237.jpg?dl=1 HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
location: /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
set-cookie: gvc=NTIyMjM0NzAzMzAxNTE5NDEzNTM2NDkwOTYwNDQwNzgxNTAyODc=; Path=/; Expires=Sat, 02 Dec 2028 23:55:01 GMT; HttpOnly; Secure; SameSite=None
t=2nth0G5gbhPW2u7PzItUsnD5; Path=/; Domain=dropbox.com; Expires=Thu, 03 Dec 2026 23:55:01 GMT; HttpOnly; Secure; SameSite=None
__Host-js_csrf=2nth0G5gbhPW2u7PzItUsnD5; Path=/; Expires=Thu, 03 Dec 2026 23:55:01 GMT; Secure; SameSite=None
__Host-ss=BKdDT0jE_o; Path=/; Expires=Thu, 03 Dec 2026 23:55:01 GMT; HttpOnly; Secure; SameSite=Strict
locale=en; Path=/; Domain=dropbox.com; Expires=Sat, 02 Dec 2028 23:55:01 GMT
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noimageindex
x-xss-protection: 1; mode=block
date: Mon, 04 Dec 2023 23:55:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: envoy
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4ee2add8dfa94f709535d3baa9ceeec8
X-Firefox-Spdy: h2

www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg

162.125.71.18

302 Found

213 kB

URL GET HTTP/2
www.dropbox.com/s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg
IP
162.125.71.18:443
ASN
#19679 DROPBOX

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerDigiCert Inc
Subject*.dropbox.com
Fingerprint17:55:A3:E8:7A:9A:D8:FF:86:5A:8E:81:2C:30:73:6B:8A:88:10:43
ValidityTue, 31 Oct 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT

File type

Size
213 kB (212787 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s/dl/9kywb1xfr244qtl/BidenBucks07%237.jpg HTTP/1.1
Host: www.dropbox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://subscribe.goodlifestylenews.com/
DNT: 1
Connection: keep-alive
Cookie: gvc=NTIyMjM0NzAzMzAxNTE5NDEzNTM2NDkwOTYwNDQwNzgxNTAyODc=; t=2nth0G5gbhPW2u7PzItUsnD5; __Host-js_csrf=2nth0G5gbhPW2u7PzItUsnD5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-security-policy: sandbox
location: https://uc63e21f52063da7afce2e081878.dl.dropboxusercontent.com/cd/0/get/CIwoq-O7VYvbTqDmCO18tX2wwWvfd7cK_6lwP-P9i90RARBm5tbtVs62mx9BQ5c-cOPoJ82n5f6sccGvA8DRM6YDZiaw9VnVD1Lhwoe3ZHJWPWYgC6zOhPwb0FRbtwj2bNSystrPWY1P2o_lTaIV7ZFU/file?dl=1#
referrer-policy: strict-origin-when-cross-origin
set-cookie: t=2nth0G5gbhPW2u7PzItUsnD5; Domain=dropbox.com; expires=Thu, 03 Dec 2026 23:55:01 GMT; HttpOnly; Path=/; SameSite=None; Secure
__Host-js_csrf=2nth0G5gbhPW2u7PzItUsnD5; expires=Thu, 03 Dec 2026 23:55:01 GMT; Path=/; SameSite=None; Secure
__Host-ss=BKdDT0jE_o; expires=Thu, 03 Dec 2026 23:55:01 GMT; HttpOnly; Path=/; SameSite=Strict; Secure
__Host-logged-out-session=ChBw5Q0kAFTvm0Q1JfljqicrENXNuasGGi5BSVVUeV84NFk0RURsdTBESHQ4S2ktdFpVZ093ZzE5NmMwZktBOEJPcVlDUWdB; HttpOnly; Path=/; SameSite=None; Secure
locale=en; Domain=dropbox.com; expires=Sat, 02 Dec 2028 23:55:01 GMT; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 23:55:01 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 859a6854583b4abaac547f6d72c057d4
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto

142.250.74.106

200 OK

2.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://subscribe.goodlifestylenews.com/?email=triedel@buenavistacompanies.com&redirect_id=32024&bid=17&ses_id=b5218f3695aa47d5b0d23614e20f9a9d
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (2158), with no line terminators
Size
2.1 kB (2102 bytes)
Hash
7fad5e7e182f10e7ece237afa8caae03
3e446dd2d5f5a34d3e6a55063ef740fe292a42a1
5b353f7d4f4359ff0b19d42c322ddf1e4cb8b350644d3c7daefc39739ba114f0

HTTP Headers

GET /css?family=Roboto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://subscribe.goodlifestylenews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 23:55:00 GMT
date: Mon, 04 Dec 2023 23:55:00 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (33)

URL

IP

ASN