Overview

URL continuetosite.com/go/6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db
IP 3.70.16.242
ASN AMAZON-02
Location Germany
Report completed 2022-09-23 16:36:13 UTC
urlquery Alerts Scam / Brand infringement


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-23 2 continuetosite.com/go/6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db Phishing
2022-09-23 2 thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/css/app.css?id=c588c17324f2be0e0ec9 Phishing
2022-09-23 2 thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/js/landers/prizewheel-fb/app.js (...) Phishing
2022-09-23 2 thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/img/fb-like.svg Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-23 2 desekansr.com Sinkholed
2022-09-23 2 desekansr.com Sinkholed


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 18.165.196.217
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-23 13:41:12 UTC 93.184.220.29
mnemonic passive DNS continuetosite.com (1) 0 2015-12-31 07:14:09 UTC 2022-09-23 04:03:59 UTC 3.70.16.242 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-23 07:14:46 UTC 18.164.68.21
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-23 04:33:41 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-23 05:02:25 UTC 34.210.107.213
mnemonic passive DNS desekansr.com (2) 0 2022-05-12 08:00:20 UTC 2022-09-23 14:51:28 UTC 139.45.197.250 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-23 12:37:00 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-23 04:34:39 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-23 04:49:01 UTC 108.156.28.102
mnemonic passive DNS thefreeclub.xyz (18) 0 2022-08-15 11:22:15 UTC 2022-09-23 04:03:53 UTC 18.164.68.37 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 3.70.16.242

Date UQ / IDS / BL URL IP
2022-12-05 08:59:09 +0000 0 - 0 - 1 rezuke.gooredirect.xyz/go/52a257bb-4572-4f58- (...) 3.70.16.242
2022-12-05 08:57:15 +0000 0 - 0 - 1 bemob.napoletoss.com/go/faa472f2-8582-4dfe-a9 (...) 3.70.16.242
2022-12-05 08:57:13 +0000 0 - 0 - 1 www.mediacdnc.com/go/a1dd168f-6dfc-487a-a712- (...) 3.70.16.242
2022-12-05 07:39:34 +0000 0 - 0 - 4 rdr.funcontent.xyz/go/146398c0-e9b4-41c8-8e8f (...) 3.70.16.242
2022-12-05 07:37:15 +0000 4 - 0 - 9 www.mediacdnc.com/go/f0e7977a-c452-4a5e-88ed- (...) 3.70.16.242

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-12-05 10:45:39 +0000 0 - 0 - 4 router.allure-ng.net/click/k5/mE7bko?sub_id=3 (...) 3.122.203.59
2022-12-05 10:38:29 +0000 0 - 0 - 1 www.rb.gy/ylcgjr/ 76.223.86.4
2022-12-05 10:38:07 +0000 0 - 0 - 2 ldp.page/polandd 18.142.208.246
2022-12-05 10:36:59 +0000 0 - 0 - 6 mabe.canjear-ahora.com/ 52.212.52.84
2022-12-05 10:31:54 +0000 0 - 0 - 1 www1.rowan.com/?tm=1&subid4=1670230591.045981 (...) 13.248.148.254

Last 5 reports on domain: continuetosite.com

Date UQ / IDS / BL URL IP
2022-12-03 22:28:09 +0000 0 - 0 - 5 continuetosite.com/go/1bcb6447-28a3-45f5-906d (...) 3.70.16.242
2022-12-03 18:43:10 +0000 1 - 0 - 5 continuetosite.com/go/6d6d3780-17f5-4484-bf8d (...) 3.70.16.242
2022-12-03 18:06:05 +0000 0 - 0 - 1 continuetosite.com/go/9d26ee6b-c9cb-4973-9d04 (...) 3.70.16.242
2022-12-02 14:05:26 +0000 0 - 0 - 6 continuetosite.com/go/a845f995-13eb-4907-9070 (...) 3.70.16.242
2022-12-01 11:07:13 +0000 0 - 0 - 6 continuetosite.com/go/7c8a805e-f998-405b-ae9c (...) 3.70.16.242

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-03 11:59:02 +0000 0 - 0 - 4 rdr.funcontent.xyz/go/23bbed7f-16cb-4af2-a580 (...) 3.70.16.242
2022-12-02 14:05:26 +0000 0 - 0 - 6 continuetosite.com/go/a845f995-13eb-4907-9070 (...) 3.70.16.242
2022-11-30 12:30:37 +0000 0 - 0 - 6 rdr.funcontent.xyz/go/23bbed7f-16cb-4af2-a580 (...) 3.70.16.242
2022-11-29 23:38:11 +0000 0 - 0 - 6 rdr.funcontent.xyz/go/23bbed7f-16cb-4af2-a580 (...) 3.70.16.242
2022-11-26 00:56:20 +0000 0 - 0 - 13 www.storlan.xyz/sweep-iphone/arabic-spinwheel (...) 54.230.111.84


JavaScript

Executed Scripts (11)


Executed Evals (1)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: 2b5e810a6d3a8c184ee3672cd491fa2ef17f42b088b67f09b31a0160b032060e

(() => {
    const a = async function name() {};
    window['dmohqqoeb1u'] = true;
})()
                                    

Executed Writes (2)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 79, repeated: 1) - SHA256: 5c0f4cc1e7ed997c71e2382e10aaaf35e614105d8549cf1b9591f2dd2f9624cc

<a href="https://continuetosite.com/click" class="step__button">اطلب جائزتك</a>
                                    


HTTP Transactions (38)


Request Response
                                        
                                            GET /go/6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db HTTP/1.1 
Host: continuetosite.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         3.70.16.242
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: openresty
Date: Fri, 23 Sep 2022 16:36:02 GMT
Content-Length: 464
Connection: keep-alive
Access-Control-Allow-Origin: *
Location: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Set-Cookie: bemob-uniq-visit:6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db=1; Domain=continuetosite.com; Path=/; Expires=Sat, 24 Sep 2022 16:36:02 GMT; HttpOnly
Set-Cookie: bemob-rotation:6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db:random:bcd88f2699ba17c73dd3f4960191ea22=0-0-0; Domain=continuetosite.com; Path=/; Expires=Sat, 24 Sep 2022 16:36:02 GMT; HttpOnly
Set-Cookie: bemob-track-url=https%3A%2F%2Fthefreeclub.xyz%2F1%2Fprizewheel%2Fiphone13%2Far-qa%2Findex.html%3Fdomain%3Dcontinuetosite.com%26brand%3D%26bemobdata%3Dc%253D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%253Daea97f13-59ed-4066-8911-4eb831e11713..a%253D0..b%253D0; Domain=continuetosite.com; Path=/; Expires=Sat, 24 Sep 2022 16:36:02 GMT; HttpOnly
Vary: Accept
X-Response-Time: 16.287ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (464), with no line terminators
Size:   464
Md5:    82d1869112647ca5801ed058c5b32b04
Sha1:   8b5275c3a557e3deddb4bb0bd0e4f216e557b950
Sha256: f12fe59d76a0322cab4ee80fb7e7c2c8e0d4af7667c7ceaec99423c6f254beb0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 16:05:09 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fd0213744bc3f0c3b6436f635fb80a6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: h1cnldKYK4BwqyU4C-Ql5Vq_DGvBcX_l9hZPWrIBqj-vlLHsJ39BVQ==
Age: 1853


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8617
Expires: Fri, 23 Sep 2022 18:59:39 GMT
Date: Fri, 23 Sep 2022 16:36:02 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.156.28.102
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b349539e70f05aae8b25110799b51862.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: LbmcSWs5_7ishscOvazskVTs2E-mNltAKm42Tuunhfd0RHlSSyFtVw==
age: 44580
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 23 Sep 2022 16:36:02 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         18.165.196.217
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 16:36:02 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 e963d9388521b938ab0c2d19e2400bee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ZXv-rHmj8un_RJrdAkQDfzvwkRkFdjCSAfHquGwEObEZsctJUfGvGg==

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Fri, 23 Sep 2022 16:33:00 GMT
Expires: Fri, 23 Sep 2022 17:25:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 46b5aeb0e7bcc8895e9b923ffd4a3896.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: McyQbmGscTErizkIC1QGvzK81V51_KbtBiLN2P4tRG6JBNoEWU6K6Q==
Age: 182


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6489
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 16:36:03 GMT
Last-Modified: Fri, 23 Sep 2022 14:47:54 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/landers/prizewheel-fb/prizewheel_spinner.jpg HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 32496
last-modified: Mon, 19 Sep 2022 10:22:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:13 GMT
etag: "d4655cba21d806e849eed4e4119fbe1a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: KIZY5rchr6E-ffTg2ij5GHcBqquoC_QHX00FzI-vGm-tVXQsWcCqRA==
age: 8751
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1002x1002, components 3\012- data
Size:   32496
Md5:    d4655cba21d806e849eed4e4119fbe1a
Sha1:   6453039d85005643e9d65074ca022f63b5d47cdd
Sha256: 90f2363aaebaf03f06fb20c6c02fb2e97497d7cd54b611281303ce7e10335ee7

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +A9VA+5HDngYITf101cT3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.210.107.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QNeqTHY6MsL7dTohVfW8xJgp2QY=

                                        
                                            GET /1/prizewheel/iphone13/ar-qa/css/app.css?id=c588c17324f2be0e0ec9 HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 33
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:44:12 GMT
etag: "c588c17324f2be0e0ec90a18f39e7d7c"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: quVMcrd_XOcQJgaFGMH5tPyA9aoWhEjOAg8RMHrLeV_W5JD1bUjedg==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   33
Md5:    c588c17324f2be0e0ec90a18f39e7d7c
Sha1:   69d360eddd15f527aac7f7e610346517732b7770
Sha256: b83e8830b6b2f1253a78f90191cf1087e8fd7638831fd4c1376a7a6029297240

Alerts:
  urlquery:
    - Scam / Brand infringement
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/landers/prizewheel-fb/notification.png HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 449
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:22:51 GMT
etag: "bd5203f2cc9e7a9125e4575e029541b0"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: _VubQT2lPundRDijWPCD-ycqS2g5H1j8v6ZQRAWcuJdoI-9i8qSx9w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 30 x 28, 8-bit colormap, non-interlaced\012- data
Size:   449
Md5:    bd5203f2cc9e7a9125e4575e029541b0
Sha1:   9fa565ab2f4b55da4735b79e529562252b3c9afe
Sha256: db94c8ae725f947f20e12df29e6b6c8ade5ffcd5a7dc9ffd9be0351d963f826f

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/js/app.js?id=15b1bae461854d516179 HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 977
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:44:13 GMT
etag: "15b1bae461854d516179a34a8c9b5f08"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: kfT5-me-DrcmUGWLoGukip7HEP2yUmSZhhiFzMXSYW08plYOq4s9cQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (977), with no line terminators
Size:   977
Md5:    15b1bae461854d516179a34a8c9b5f08
Sha1:   330c1d191253fe07c5fe6b5af37872408f2e5904
Sha256: 1bd25e467ea078265aee433e0cf9732a7e127514304634590a2de17fb2330896

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/landers/prizewheel-fb/loader.gif HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 5083
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:22:50 GMT
etag: "ed786659a534e0d183c09a90c50abc9d"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 2hEbYrCsl4D5h3Cb0LNi6YwxRzm_hxajb162I8nCbW4uZRz8Mnz8Mw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 50\012- data
Size:   5083
Md5:    ed786659a534e0d183c09a90c50abc9d
Sha1:   a6c3d90bfaa86a7cda490bc5d04c8939c31a414e
Sha256: cbaeb154dcb93bff5f6e382cede5d51a11175a2295e56bb2790611910280ba97

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/prizes/iphone-12-pro-max/default@0.5x.png HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 32266
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:22:23 GMT
etag: "c562f63263ffff2688791c38014b36bc"
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: VzukymNslRGKTbRX82v_g_JUYmldJ5qN6IIdLMfLVT09uv3Dwfyf7w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   32266
Md5:    c562f63263ffff2688791c38014b36bc
Sha1:   59fe19592cb3f6a2709c418026f0a1ddb12c1314
Sha256: c331ce815fcd0ed99bc592c082eed6e51efd0f107d2ae967021d0273def59ae8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DD7D62648EB281D9448300E8EA6FF97043E31AA6578E59A16559763F4E1E73D2"
Last-Modified: Wed, 21 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=160
Expires: Fri, 23 Sep 2022 16:38:43 GMT
Date: Fri, 23 Sep 2022 16:36:03 GMT
Connection: keep-alive

                                        
                                            GET /pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js HTTP/1.1 
Host: desekansr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 23 Sep 2022 16:36:03 GMT
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1a407"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   43250
Md5:    f0eb70e711c973204875b65e436cbd45
Sha1:   f3b6f581aa59595647fd5508169a54ec086ab3af
Sha256: 1dfdcba6e88ff48cee939b15bcadd26d8c42fd130e340a2a4e274cd17bd316a8

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/female/3@0.25x.jpg HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 2506
last-modified: Mon, 19 Sep 2022 10:05:52 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:14 GMT
etag: "e69e56799051d24a67414a67301ac984"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: RYCOyBRKp6qPQ-ApaX5wcCz9_CmhxSBL_0u6bG0sOHz0gPLorUNcyA==
age: 8750
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2506
Md5:    e69e56799051d24a67414a67301ac984
Sha1:   7d7db0281213342c25abf9e08937e38c7d1e8449
Sha256: cff50b269e3afdcf620ba9a8f6d3ac55b03a953136f3148d1b3296798bf57210
                                        
                                            GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/male/9@0.25x.jpg HTTP/1.1 
Host: thefreeclub.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 2224
last-modified: Mon, 19 Sep 2022 10:05:49 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:16 GMT
etag: "444a95e7661a07d48ae8a2b7d67792be"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: ireKiC5GD0_-I88v5aHNi-KAd6N98BBInRifX5y5WmU_o3l7TL90_w==
age: 8748
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2224
Md5:    444a95e7661a07d48ae8a2b7d67792be
Sha1:   e31aa744a72a17d6a3e04cd0e6f9a9fc59a47b59
Sha256: d815f00761793a93ef88b73ea6451d9300a052ce64f454d30f9446af3bd9ccda

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/female/1@0.25x.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2853
last-modified: Mon, 19 Sep 2022 10:05:53 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:16 GMT
etag: "4ccf612375cb7df45e271ecd2983281e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 3Uk9bHSB6tfTREH6wtJnnfECSXi25IWJf2_OhaKpo0-8Z9b-tYNukg==
age: 8748
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2853
Md5:    4ccf612375cb7df45e271ecd2983281e
Sha1:   db4bc5414c30c39531e38c9a3f34b087cd68b4b6
Sha256: 75f237c0722d2dd3ef7d7e4bad43a70ac57bad90c81b9cb8b9c9b445c0a76a1b
                                        
GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/male/10@0.25x.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 3175
last-modified: Mon, 19 Sep 2022 10:05:50 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:14 GMT
etag: "f8002e02aac0ac1bb22d2c80f36ebf15"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: AjKoQVaJyDblxnHiMeXLq3NBgrcd0ba_JcplZ4bDAiWP9j4gcrZymQ==
age: 8749
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   3175
Md5:    f8002e02aac0ac1bb22d2c80f36ebf15
Sha1:   bf277a8747caf561b91a25860e772cf0f1a834a5
Sha256: 0e98e32d27f59276dc137de153e32c28220a635701413565a4646dc8361fd94c

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/male/2@0.25x.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2258
last-modified: Mon, 19 Sep 2022 10:05:50 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 14:10:16 GMT
etag: "07ee3d87dba4f97110c83432fcc8f3f6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: HDhVVEGMyXCNIMXHIUV8-nf-vP1DETP4FSxSaD0_vvBltitU1HRd7Q==
age: 8748
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2258
Md5:    07ee3d87dba4f97110c83432fcc8f3f6
Sha1:   80f21d2258991eaecca028683f58b16019bf9deb
Sha256: 50479fd6ff7c08b64aa01f0a415bba20d8ddd79a43becae604955e9086098cff

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
GET /1/prizewheel/iphone13/ar-qa/img/prizes/iphone-12-pro-max/proof.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 23152
last-modified: Mon, 19 Sep 2022 10:22:22 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 16:36:04 GMT
etag: "029d38095e06ced0688fd67a58e70781"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: Y-NUieiya-m5F5pIuufg0dh5pxPtwjuLQMO1ZSVSIIjJ3YCTePfIrQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 339x450, components 3\012- data
Size:   23152
Md5:    029d38095e06ced0688fd67a58e70781
Sha1:   b5bdaddeb39b947c35f883f001f34dd163bcb362
Sha256: 5e41534f027f676ce89db3b87319ffbdc1a1e7515e379f80f476e0989fa4bcc1

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/male/3@0.25x.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 3301
last-modified: Mon, 19 Sep 2022 10:05:51 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 16:36:05 GMT
etag: "49f1b40f2ed2ef127cb64293ae8b1524"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: e0ISBY9vlmqALFmlvx9BXFXOX7-RHi7h7bat_cuZGXwaBh3bGNPW2w==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   3301
Md5:    49f1b40f2ed2ef127cb64293ae8b1524
Sha1:   7939aacf51d0ba9b4358cb17ef40eb91fa31e27b
Sha256: c5e6dbfaac2e982618aa4ea88a1785ca965b57f3149551f194cdaae2d8406a53

Alerts:
  urlquery:
    - Scam / Brand infringement
                                        
GET /1/prizewheel/iphone13/ar-qa/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6 HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: application/javascript
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:22:49 GMT
etag: W/"cdf97653c213f02233f50a1ec975633c"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: AKG7G5eYzoog4LxmKcKZgupRTTov4QePNRuA_e3WUWq_a0UVOkqh5A==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65475)
Size:   53143
Md5:    11910285493430841137ac05c5b8bc5d
Sha1:   e3a130797e2ec3c14647fc41535f003aac2813a8
Sha256: 09045492aabfeee3cf2c279199becee22866a43a35df42f3739e8ce04a2116a3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /1/prizewheel/iphone13/ar-qa/img/profiles/mena/female/5@0.25x.jpg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/jpeg
content-length: 2787
last-modified: Mon, 19 Sep 2022 10:05:51 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 16:36:05 GMT
etag: "6063e3355d6e928b55810c359ee1d382"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: nK5SjYOBn3ZLIfEVVKW6de_MMoZGFIjK1DqyiNamSIHaNZF7NY-dfQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size:   2787
Md5:    6063e3355d6e928b55810c359ee1d382
Sha1:   a6a19cb61b8a8f9ed538a6467a7a41ed85fc01ad
Sha256: 9db1c16bd8c27942b3d83cff9d81462ced2b7827ab45fe53ff3fcec32ed138d9
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Fri, 23 Sep 2022 17:19:12 GMT
Date: Fri, 23 Sep 2022 16:36:04 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Fri, 23 Sep 2022 17:19:12 GMT
Date: Fri, 23 Sep 2022 16:36:04 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 67662
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8029
Md5:    02a682b4703bb9d6381c762726c05531
Sha1:   1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
Sha256: fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8497
x-amzn-requestid: 8543ac70-48ab-4523-856f-5d5fa1191c97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yin-pEryoAMFTfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6324205d-660bba3f655f940d143bc437;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:06:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e9KUFhjuFMzjuh37rFiNKaMNVaGZwPGBkLrv0zgfSTT7dCIuWj4G9Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:27 GMT
age: 66277
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8497
Md5:    7606ff88f05062b66970d9805f38987a
Sha1:   d47db5fcd83023b4a8de40a47d4510e183de387a
Sha256: 20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:07:28 GMT
age: 66516
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10127
Md5:    b877ead4a15221fdd278ef27f281a7ec
Sha1:   48c10714503e8dfdd3e3c3d39b919ef2792f0d15
Sha256: f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:48 GMT
age: 66256
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14579
Md5:    f10a12719b387d176497669ba75f0acc
Sha1:   16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
Sha256: 0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:26 GMT
age: 66278
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5340
Md5:    3b318ea5c36d2b22b925f7dfe382df5f
Sha1:   0264e73c4cfff0bb255757c7e1c760a5ad3ece80
Sha256: 0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6505
x-amzn-requestid: bc9cc556-8897-4484-ac07-f18e4f5250ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvrfiFl4oAMF_Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63295930-7a627b7d7683919e41ca599b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UNlx91pOuttpN-IrQs_g-PRI8C_NmZDKdnOpfayCJ719fa6FwnOIGg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:11:51 GMT
age: 66253
etag: "265d3e98bcbf5f14f214102279a7911d6fd64048"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6505
Md5:    ff021fa15adb0d3a24158bc00cf0980a
Sha1:   265d3e98bcbf5f14f214102279a7911d6fd64048
Sha256: 211d709fb1851a62f856a78e3b115ef816f78ab9a28f870d48fa3d1912eac16a
                                        
POST /zone?&pub=0&zone_id=5378963&is_mobile=false&domain=thefreeclub.xyz&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thefreeclub.xyz
Connection: keep-alive
Referer: https://thefreeclub.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
139.45.197.250
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 16:36:11 GMT
content-length: 0
x-trace-id: 906905c31a78f9c3098968892b9f5d73
access-control-allow-origin: https://thefreeclub.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0 HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
18.164.68.37
HTTP/2 200 OK
content-type: text/html
date: Fri, 23 Sep 2022 16:36:03 GMT
last-modified: Mon, 19 Sep 2022 10:54:30 GMT
etag: W/"b4b21ff7b2c91c336bd38da4b8ade9d1"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: Zw9QDVMvFhOqZ-xdVpD216MwE0IxNFb9L0WkGoeiyvg9prQUohzU8g==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-qa/img/fb-like.svg HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 19 Sep 2022 10:44:14 GMT
server: AmazonS3
content-encoding: br
date: Fri, 23 Sep 2022 16:36:05 GMT
etag: W/"765203989756e91925e8f947e660b644"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 5OY1e17aizgrxEgI2Vc2ZvYrxWCiq1oihA91l32rUxGJz5LNP-6KmQ==
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /1/prizewheel/iphone13/ar-qa/css/landers/prizewheel-fb/app.css?id=cd41123a11e97e0f2444 HTTP/1.1
Host: thefreeclub.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thefreeclub.xyz/1/prizewheel/iphone13/ar-qa/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D6b5ea2c0-2ad3-4d8c-a7df-9df77690d9db..l%3Daea97f13-59ed-4066-8911-4eb831e11713..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
18.164.68.37
HTTP/2 200 OK
content-type: text/css
date: Fri, 23 Sep 2022 16:36:04 GMT
last-modified: Mon, 19 Sep 2022 10:22:48 GMT
etag: W/"cd41123a11e97e0f2444b57d180631a0"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e6606d7d3401505cbf3e6ea0e411484c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 4azQOt2Gq07cYipczsE3eEOZHAp-W9tcim8euBs2j-CxnmChUtChLA==
X-Firefox-Spdy: h2


--- Additional Info ---