Report - 1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==

Report Overview

Submitted URL
1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
IP
94.237.84.54
ASN
#202053 UpCloud Ltd
Submitted
2022-09-10 19:55:45
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	172.64.155.188
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	456 B	756 B	139.45.195.8
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	7.1 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
foapsovi.net	95036	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.6 kB	139.45.197.251
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	439 B	746 B	142.250.74.10
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	486 B	8.9 kB	142.250.74.163
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.148.17.90
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	53 kB	34.120.237.76
1d6ce0440a1.prizessites.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	45 kB	112 kB	94.237.93.242
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	993 B	2.1 kB	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed
2022-09-10	medium	prizessites.net	Sinkholed

JavaScript (8)

	URL	Size	First Seen	Last Seen
	1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==	472 B	2023-03-07	2023-03-07
Pretty URL 1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ== IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:26:47 Last Seen2023-03-07 14:26:47 Times Seen1 Hash 6d39a13794dec7078336c0d6ede4b34f 1361267ab72ab15b5f425ddd83e914e72acacd10 41ac492ae069ac17fe02413d18f96704b94a50e5691e8e322f270131695f221a Loading...

	1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==	482 B	2023-03-07	2023-03-12
Pretty URL 1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ== IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:18:06 Last Seen2023-03-12 20:30:28 Times Seen1 Hash 8a93fcd1b7f13f2b2a4997b026fd0bec 209170afe0d87de8bc4a352de3d6448452922413 a98cb074616907740e59f33443add21b43b31d01cd139d11384f17175dac01ab Loading...

	foapsovi.net/pfe/current/micro.tag.min.js?z=3714385&sw=sw-check-permissions-1df35.js	107 kB	2023-03-07	2023-03-17
Pretty URL foapsovi.net/pfe/current/micro.tag.min.js?z=3714385&sw=sw-check-permissions-1df35.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:56:18 Last Seen2023-03-17 11:42:00 Times Seen1 Hash 7042527352616dd941f07f006bb5e683 ad4d296293396366b11d199c4722048dd2368c56 8405754f606f37289a9ae29f4f40b1f80dc403f52753504d6b096153eecd098c Loading...

	1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==	103 B	2023-03-07	2023-03-07
Pretty URL 1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ== IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:26:47 Last Seen2023-03-07 14:26:47 Times Seen1 Hash 1a21c872e444cb66f0b1dd43f11d9d90 682cf453a718fac2bd258e3ea292f5442d0ad139 9a47009466650765b322d5bc7244cda7559f06a97b3119913dcba6eb750d4d54 Loading...

	1d6ce0440a1.prizessites.net/js/app.js?id=d75b4cfe9b4f0f2f3a56	19 kB	2023-03-07	2024-04-13
Pretty URL 1d6ce0440a1.prizessites.net/js/app.js?id=d75b4cfe9b4f0f2f3a56 IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-13 17:46:53 Times Seen1052 Hash d75b4cfe9b4f0f2f3a56f5dad32d6c7d 7c462194003560634a65f7725b8bd553b9fdce41 0a9b16afee4ee7fa81b369cfe3d69c3a6d4ff580726b9d9c10f398deb2fc3c22 Loading...

	1d6ce0440a1.prizessites.net/js/landers/squid-game/app.js?id=fa89b2f912da0891b7b4	100 kB	2023-03-07	2023-03-17
Pretty URL 1d6ce0440a1.prizessites.net/js/landers/squid-game/app.js?id=fa89b2f912da0891b7b4 IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:26:47 Last Seen2023-03-17 11:40:07 Times Seen1 Hash fa89b2f912da0891b7b40ef0da93060f 2d851a6ddf15865fed18cbe6a9e9e9c1439e8308 d802ee7422cf54a49ff7065527e4494fa77932b5f4d3f8df4f3b5c3bc63b1292 Loading...

	1d6ce0440a1.prizessites.net/js/private.js?id=3bbacd180255e91f507b	200 kB	2023-03-07	2023-03-17
Pretty URL 1d6ce0440a1.prizessites.net/js/private.js?id=3bbacd180255e91f507b IP 94.237.93.242 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:40 Last Seen2023-03-17 11:42:01 Times Seen1 Hash 3bbacd180255e91f507b3ea4c2b13e7a 2b9392a3b46829aaa00e2295bada50c0881474b6 2dcea154254a42b4befa0bfafc803cd7e95094d2c4533f5cabb312b548ec9b77 Loading...

		Size	First Seen	Last Seen
	#1 Eval - db1a4a167998b6c29429bc6e7f5bd8b0	80 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 14:26:47 Last Seen2023-03-07 14:26:47 Times Seen1 Hash db1a4a167998b6c29429bc6e7f5bd8b0 b1267eaf966b2fe09b62c385be20c6f957a75d9a 9eac0d068b355c1972ec64eb6c50342edc35a8aad2a9aed837f05f0daa626529 Loading...

HTTP Transactions (42)

URL IP Response Size

1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==

94.237.93.242

301 Moved Permanently

162 B

URL HTTP/1.1
1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ== HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 10 Sep 2022 19:55:34 GMT
Content-Type: text/html
Content-Length: 162
Location: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15438
Expires: Sun, 11 Sep 2022 00:12:52 GMT
Date: Sat, 10 Sep 2022 19:55:34 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 19:06:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Sai_sGDvch05X6NIpS0NngDdQqA0B1eEGGQ1F9iMz4mkfBIAdnOrlQ==
Age: 2924

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1qsp427bspCah3Cc44xWT-p_M7xsyQgKozk_8b6AlaXT8WoGON5gDw==
age: 45502
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
04c6d552c555c25ae124b019c57af690
c05e3ce6f485095c53fbe5b4219088824acf6a83
ea06d08e947f82117cc894a04d362c6d6a38eae9a19fde2368d124196c43543e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA06D08E947F82117CC894A04D362C6D6A38EAE9A19FDE2368D124196C43543E"
Last-Modified: Thu, 08 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13005
Expires: Sat, 10 Sep 2022 23:32:20 GMT
Date: Sat, 10 Sep 2022 19:55:35 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/img/landers/squid-game/logo.png

94.237.93.242

200 OK

2.3 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/img/landers/squid-game/logo.png
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
PNG image data, 302 x 157, 4-bit colormap, non-interlaced\012- data
Size
2.3 kB (2282 bytes)
Hash
7910e3010f23bdc5bd6184b1b7014bda
9d806120743d66bbb4e4c8e32bb9f4583b86d8b0
9f7d4629cd5c5ce7e149cc2807e0ff99c12ce0a0e7ae9f36fe8ef2f743ba6a50

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/landers/squid-game/logo.png HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: image/png
content-length: 2282
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
etag: "6316f125-8ea"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/img/prizes/iphone-13-pro-max/default@0.75x.png

94.237.93.242

200 OK

12 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/img/prizes/iphone-13-pro-max/default@0.75x.png
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
PNG image data, 300 x 300, 8-bit colormap, non-interlaced\012- data
Size
12 kB (12235 bytes)
Hash
67668c05ba6bb6196a38c9abeb567a78
059bcaf8ffb9fd52741ec3fd0b0fc30891faa2a9
f314aa1a1cc18201e581f3f2976ea022da3c03714b15c0a06113ab3e59d34a46

HTTP Headers

GET /img/prizes/iphone-13-pro-max/default@0.75x.png HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: image/png
content-length: 12235
last-modified: Tue, 06 Sep 2022 07:03:15 GMT
etag: "6316f0b3-2fcb"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/img/landers/squid-game/symbols.png

94.237.93.242

200 OK

2.1 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/img/landers/squid-game/symbols.png
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
PNG image data, 464 x 144, 4-bit colormap, non-interlaced\012- data
Size
2.1 kB (2117 bytes)
Hash
b4095cc95c1c679a27291e45476a34ab
d979867db19527805b26d4d1bef593cadcdd6d7d
c8a718e061197c88f27d4eadb62d98f66e69d2aaf8a7981b73add37e63c08545

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/landers/squid-game/symbols.png HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: image/png
content-length: 2117
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
etag: "6316f125-845"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/img/landers/squid-game/doll.png

94.237.93.242

200 OK

6.9 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/img/landers/squid-game/doll.png
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
PNG image data, 151 x 164, 8-bit colormap, non-interlaced\012- data
Size
6.9 kB (6862 bytes)
Hash
e03b18dd65166a1b11560ba89a49edde
4dc9b645d6b2a8b01d54a12419926c2bf1b5da94
878bbc0fcd4396f4720ca77b520482e0b2b09b85a6f9fa8593d78c5001b64789

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/landers/squid-game/doll.png HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: image/png
content-length: 6862
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
etag: "6316f125-1ace"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/audio/landers/squid-game/intro.mp3

94.237.93.242

206 Partial Content

24 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/audio/landers/squid-game/intro.mp3
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 24 kbps, 16 kHz, Monaural\012- data
Size
24 kB (24454 bytes)
Hash
bbdbbb40abd6a059601f28e61764d1af
dc36e80938e6eccb47e5a5ecc63bf38de46f9419
9fa184d92c5fcd83a765356e0171f5e5d744d26630f06413b68fd90396886c09

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /audio/landers/squid-game/intro.mp3 HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: audio/mpeg
content-length: 24454
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
etag: "6316f125-5f86"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-range: bytes 0-24453/24454
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/js/landers/squid-game/app.js?id=fa89b2f912da0891b7b4

94.237.93.242

200 OK

36 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/js/landers/squid-game/app.js?id=fa89b2f912da0891b7b4
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
data
Size
36 kB (36497 bytes)
Hash
c69662510db72851c4bef05482a986ad
50f0bb727f16643180a2f0075d11dfd735bf4524
cfa9e20bbd3233933f707b562e09c4d07952311c5e31bf27eb967f36ee30aed6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/landers/squid-game/app.js?id=fa89b2f912da0891b7b4 HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-185d1"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f1fa8224847ea7d9b4dc8e598fae4142
cb703a2944e58d97dd48a7e56ee9f4510ced78b4
920094aad2886535e2ba9e38d4731f63fbde93038d92b38f0030b0a0f47c2ac8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

1d6ce0440a1.prizessites.net/css/landers/squid-game/app.css?id=ffeb130bc020daad465f

94.237.93.242

200 OK

18 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/css/landers/squid-game/app.css?id=ffeb130bc020daad465f
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
data
Size
18 kB (17547 bytes)
Hash
125ef008c7ff7e3466ac30fafc44a213
0dcb18f4f05137ada870d3f808c5adedd4e070a8
b3dd300398b701c329e52a488141c5c53ab808e357084912a91cfa2319d640b6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/landers/squid-game/app.css?id=ffeb130bc020daad465f HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: text/css
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-d64"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
43e44f5fe147594a8dd7e263eabca2ae
99a970746a212194f339b3fdc7df516af9f2ffdf
f716e38cbb8632487d1ce62a37e0662ef8611fbe0449a82b9301118b68c7548d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.163

200 OK

8.0 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1d6ce0440a1.prizessites.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:30:59 GMT
expires: Thu, 07 Sep 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 260676
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
682283c53733d130566bf46bdcfcdd8a
a421d727287d14cf5af08a3d87b2f2be6528dea9
b79592c1f631d8eed3e52b6c9dee0ad5ccd08d682e5bbb5111a820564a6fd84e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B79592C1F631D8EED3E52B6C9DEE0AD5CCD08D682E5BBB5111A820564A6FD84E"
Last-Modified: Sat, 10 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16859
Expires: Sun, 11 Sep 2022 00:36:34 GMT
Date: Sat, 10 Sep 2022 19:55:35 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ebc205cf750164c31d1fce2318d1636b
9309949107d69193b1c5156d45fbcc91e20a0fe4
4ab7f53d17c5d642e17a3e78aa93dc133c4713e44ccccb849f04fdcca62be8b6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 10 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 19:10:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8eIMHAuNGN8Zdz5PtyOmEfUM_FcpT347neVIO6MgDnHMmcwB-lTJTw==
Age: 3568

foapsovi.net/zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL HTTP/2
foapsovi.net/zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1d6ce0440a1.prizessites.net
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 19:55:35 GMT
content-length: 0
x-trace-id: a67ea99a5103ed5c827817e08ed39c95
access-control-allow-origin: https://1d6ce0440a1.prizessites.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4145
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 19:55:35 GMT
Last-Modified: Sat, 10 Sep 2022 18:46:30 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

1d6ce0440a1.prizessites.net/img/landers/squid-game/cardboard.jpg

94.237.93.242

200 OK

1.9 kB

URL HTTP/2
1d6ce0440a1.prizessites.net/img/landers/squid-game/cardboard.jpg
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 284x217, components 3\012- data
Size
1.9 kB (1912 bytes)
Hash
7a7e336446b1597be7e00e91091b8bc6
24f1b787ac2552c29881fbe69669cbb377ab5f85
43cd137089a9dc62774c57dfc55e14ea6cff5453a5fba0f0c29df9fc18ab7642

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/landers/squid-game/cardboard.jpg HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/css/landers/squid-game/app.css?id=ffeb130bc020daad465f
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: image/jpeg
content-length: 1912
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
etag: "6316f125-778"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

foapsovi.net/zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=settings

139.45.197.251

200 OK

693 B

URL HTTP/2
foapsovi.net/zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=settings
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (692)
Size
693 B (693 bytes)
Hash
d739a91378315792c1d6d65bd8cabfdb
3f79c6ab8105136e297236b7adcaa0fa904c4dce
33e73c633c3fec4b42125d03d13ed5ed5c5e7f6d721676cf3e2ae6c053f53988

HTTP Headers

GET /zone?&pub=0&zone_id=3714385&is_mobile=false&domain=1d6ce0440a1.prizessites.net&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: foapsovi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1d6ce0440a1.prizessites.net/
Origin: https://1d6ce0440a1.prizessites.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: application/json; charset=utf-8
content-length: 693
x-trace-id: a06a1391519acf8dee681006c6bfd110
access-control-allow-origin: https://1d6ce0440a1.prizessites.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 19:55:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=425983,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 748ab8dd8ec20b06-OSL

my.rtmark.net/gid.js?pub=0&userId=&zoneId=3714385&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=3714385&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
593e5ecdfc9b8ec4beda7d500b8a2aab
d1f67099b344da420c15ff7ff75ce8203f223170
ae69176dadef207782dd720b87360cfbaea81e90d8249ae358c2c8c3ad2fbb05

HTTP Headers

GET /gid.js?pub=0&userId=&zoneId=3714385&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1d6ce0440a1.prizessites.net/
Origin: https://1d6ce0440a1.prizessites.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 19:55:36 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://1d6ce0440a1.prizessites.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=da331e17ff3a4052b837f7b9f6cf613f; expires=Sun, 10 Sep 2023 19:55:36 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.148.17.90

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.17.90:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3/6wW37Xv5o66rWdnfJhCw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2/xuxPhGJIasJZZXsH/oVTUiSbI=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:55:37 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:55:37 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:55:37 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:55:37 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10240
Expires: Sat, 10 Sep 2022 22:46:17 GMT
Date: Sat, 10 Sep 2022 19:55:37 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8676 bytes)
Hash
e8f11aeba65478b039cfb4100aa23435
88db17a82ea0207ccb4826c2961875c5106b427a
6f6ec5922ec54d824e7f933de87608c5a763da119ae9461d99c6525649b1a9af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: 64a58aa8-8321-4c91-98fe-dbf97996c513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNiuZEjnIAMFRFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb18f-77b635593b202d7d3cd0ac84;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: VWwNSpFvcDq3nrn91QvYjrJX5hLjp96vrKgZzR-pOdrdHx7MlcagGQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:56:34 GMT
age: 79143
etag: "88db17a82ea0207ccb4826c2961875c5106b427a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8626 bytes)
Hash
2b83fa95ed30533299bc754adaced672
27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af
bc59e5ba6abafd8e7b10d6f8ae2269cbf739a4b28f9cbbf3adfc29a9195e6985

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4e8861b-4d5e-4f2e-8b1c-e85d23f02c52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8626
x-amzn-requestid: af5e61ab-4f7b-4b03-8413-5d750b17e0df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLj9TH7vIAMFVMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ae6bb-309144fb6e02564c4fcdb966;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 07:09:47 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3gzR4efCGz9QsLoxAMuTUgBAwEc5WdyHBhw_wRPGmfnS9SWm-0vE7w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 07:23:29 GMT
age: 45128
etag: "27eda8377e1c00c53fb66b4e2fa4f0dd6c7020af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8266 bytes)
Hash
d21a3e07583d9fad4104b6457f7915e7
fdc9453562f993e2545ca99731a7741e748b6082
8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:51:58 GMT
age: 79419
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7218 bytes)
Hash
3f8aeb20a6543be83f3e422796c4dc70
4e4e127039dd8099c63c3bde198118d2874f7342
0f9fdd1b577e4719f88620bb451131bfb120790479b4feccb4222647fb3ea453

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7218
x-amzn-requestid: 4e9672b6-5415-4808-9508-22e8c42de448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_QzHffIAMFYTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318459e-743b975a2770e2a90c616d87;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:17:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dR6KtfbMJzFz0j8zIFUNtdkJHUaerjxWbUyYKBD-jR_uAAvCCty01Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 03:23:21 GMT
age: 59536
etag: "4e4e127039dd8099c63c3bde198118d2874f7342"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4477 bytes)
Hash
71bafbee3867c04c3712ff98a123d52c
ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf
58ff1700e0b125caefb73719e2b3d734b2fbcc5ed1aabe5a11bb73b43edab831

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4477
x-amzn-requestid: bbdca46e-5628-4faf-a0fe-ea1b5b39ac2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjzaHrIoAMF-iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb348-567e946e7cf77f2e11c17c97;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: f2Av7EDI_l1jZfe0kR6K2yQNzxbBXdcXJGycIZbOTp4ZkCuusLk4Sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 27fe6f224e0cfa3f3a446471ee256e56.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:50:47 GMT
age: 79490
etag: "ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9766 bytes)
Hash
7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: CjZw9xgHd4_7KvhiiZEIBivRgoQeh1BYxEc_bOBbTvWoqHgTPq0sSA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 05:37:01 GMT
age: 51516
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/js/app.js?id=d75b4cfe9b4f0f2f3a56

94.237.93.242

200 OK

0 B

URL HTTP/2
1d6ce0440a1.prizessites.net/js/app.js?id=d75b4cfe9b4f0f2f3a56
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/app.js?id=d75b4cfe9b4f0f2f3a56 HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-4891"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/js/private.js?id=3bbacd180255e91f507b

94.237.93.242

200 OK

0 B

URL HTTP/2
1d6ce0440a1.prizessites.net/js/private.js?id=3bbacd180255e91f507b
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/private.js?id=3bbacd180255e91f507b HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-30d39"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Poppins:wght@600&family=Roboto+Mono:wght@500&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Poppins:wght@600&family=Roboto+Mono:wght@500&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Poppins:wght@600&family=Roboto+Mono:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Sep 2022 19:55:35 GMT
date: Sat, 10 Sep 2022 19:55:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

94.237.93.242

200 OK

0 B

URL HTTP/2
1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ== HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Sat, 10 Sep 2022 19:55:35 GMT
set-cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 21:55:35 GMT; Max-Age=7200; path=/
traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 21:55:35 GMT; Max-Age=7200; path=/; httponly
707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D; expires=Sat, 10-Sep-2022 21:55:35 GMT; Max-Age=7200; path=/; httponly
content-encoding: gzip
X-Firefox-Spdy: h2

1d6ce0440a1.prizessites.net/css/app.css?id=2fbe2d9a9a40ca9b2489

94.237.93.242

200 OK

0 B

URL HTTP/2
1d6ce0440a1.prizessites.net/css/app.css?id=2fbe2d9a9a40ca9b2489
IP
94.237.93.242:0
ASN
#202053 UpCloud Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/app.css?id=2fbe2d9a9a40ca9b2489 HTTP/1.1
Host: 1d6ce0440a1.prizessites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1d6ce0440a1.prizessites.net/squid-game?ctrack=1662839720.3637419573&traffic=eyJpdiI6ImQ2NHRcL1QzNDZ2N01lUlA3WTdkanBBPT0iLCJ2YWx1ZSI6IktSektYcU1lcUN6K01OM1BNUmNIVVE4dmphWHlIZmx3cVVkN0NBS1pvSkFoZnVLTXprM1BiMWdEVHZ0XC8wUkhzIiwibWFjIjoiMzk2ZWI5ZTA2ZDIwZGEyMWZhYjcwYWY2YzQxZDUxYjNmMGE4ZTM4OTI3MGY0MmIwMGMwOTJjZmJiYjk0Mjg4MSJ9&out=eyJpdiI6IitGY3o3dG5DT2RwK1BjSFJucFh2RVE9PSIsInZhbHVlIjoiS0FKRU5IUU9IS0J1UlhUOHVDQUp5ZVg4YU9IeU5UR2t6VVFnTHhGZkdFbSs4VjFIdDJENUpJU0ZPaFJzVml0cnByTmVjdVE1M0Nma295Zmh4bW1YaTJoSXhRRHB6OTcrcTlST0Y4SnJMUmhwZW1CdmNyWXk1MHo5YnFTZ29FVEFSUCtQWVo5YWVXblB6a2ErdlFjWHJTOVF0TmVVVExZNTJVejZZKzNcL2FIZXhOaFI0R0lvc2xMcGlKUnpJK3pxaEFCK2JVemZ6elNhWTlOQXZiU0g5VHc9PSIsIm1hYyI6IjBjYzIxYWMxOTU0NDIxOTZjM2I4MjEwYjdlZjcxOTMxZmI1MTlkZmI5NWUzMmZhZmVjNDY5YWE3Y2I4ZmRjNTQifQ==
Cookie: XSRF-TOKEN=eyJpdiI6IkNPWXRWajNiekhuaDh6TGFoQ2d5ZXc9PSIsInZhbHVlIjoibVY5UnBtSytYbWg3alNQdjdKb2Z5QzgxUUN3QmZGb3hwMFFqaVZwMlRlbjlRM05MU3FZTXJLRzFINU9Lb1hmZkRGaUZvV0FuY0k2WDdlZTlkQlQyYkN5WUNjVkZLZ1BQclpQb3p4VFdLenh4bVJFQThaZ1JlUU9KYzFLVGI2KysiLCJtYWMiOiJlYTM4YWQ2MmQ0NjE5YTcxNTEwNGEwZGY5M2ZmZjNkNmNmZDA5YTJjNTM3NGU3NDgwYmJhNzJhYTcxMWFlYjdlIiwidGFnIjoiIn0%3D; traffic_prelanders_session=eyJpdiI6IlcvSHBqMXRJbmxSRGQ5ODBnR2plYUE9PSIsInZhbHVlIjoiTkdwN1M2TFE5TnorMVh6V29BL28yMEdackVVTE9LQ0lETmV0OTVtSnptcWI0b0JncjBlTG9mU0MxVTM0R3dsOExQWXhuT2lmQ0tyVjFTbGdCRHl6RzdrMTVrR1EwYndYeXdTZUF1UUIweGJjQXBrNjM5NWkzUXN4VUtjdjZkS24iLCJtYWMiOiI3NjY1NGM0MjAwNTdkYjVlN2UyNDE5Y2IwNDY5ZjhmOGJmMmJlMTdhZDYyYmYyMzAyNGM3ODkyNTQyYjJhMWMzIiwidGFnIjoiIn0%3D; 707YqE4xA8OYWVnP4ztluB932Lm02gonE3iSiTfi=eyJpdiI6InhzeVYwZTdjeWRxZVk1d2lSZW9tU2c9PSIsInZhbHVlIjoiTEVMbmxocXYvL0M1VWVZRW0yTXJkbG1MS1hHenlXYThqbzh2Snh1VUc2TjlPVW1oMG9sc3M5azlZY3dWS0dXbEN6NU94amYzaTVKalg3dFZxSVU1dG9zb3dickcvZHJuWC9BZHM3aWdUY25xczAzb1NLMXI5b1VhbzFRSTRvanFwRDFoOC9KLzN5SUVrUmRDcWhsbWtOc2VaLzlVdHJxYm1PZ3JXSU8zK0wzQ3BPRXlMdFhNcGZrdDIyNHZsb0FrMittM2tIMXVzTlFQVE1QSjZJSC9sa0dNbkNzV3ZBRVJpZ1pkOHFjNURyVVp2SmUrdlpXc0h2dnhjMHR6amxkWGxpaXBqZmhkRFIxdXdic01JVk1UKzNpcWZjWEdlSUFMdEd5ejZJTEFzMHowUUFCaVkwMEFLRWtHTTdGU1kyM2kzb1lKclc0bkFYejZxdEFsTnpTbW50enpCT1Jpb3BsNXRaVC9yQjBGNWl5eHVOcTRGalVaa2xIK3FZOXNMYmJSekF4SWFDMWNFRm5kWnhqVWptWjRiaWZpdW91Y2pCSW92aDRqb3c2TDBXSEVOcmI0WXlTcUV3UFllRU5DNTgrMElFeDNkUGpUVzRFQiszdk0zY3gxUmZXVTNKNVExKzE3YlBXQ0RBblUvT0ozcTZnZElycjhRU1pESlg5ZEhmNmprSGFmZEJqUHU4ZVlYU0V5TFN0bzNDeVBWcDh3YVpMbGVMTUx5ank2UXF3elAvTEFwS1htYmYxdmZhVkhRQ2ZvQSt1dkFuNGJmSUFOaU9ScDUvZGZad2JKRWgwVDAxaE11L2Z6bEVaMGM4QWorQlBBWHpSb2Uza3hkY2hsQnRzdFNCclR5TktWekpML0FUbUVUT2pjeVJZdmlrQmI2MlZvdHdGRHhjcW5RM3JXQ3g1RFkwNmRLeTBQZTJaOVBxbDNYeTQxVzZLaSt4RkExNGdraGJnWXRNekpZdnRHdzNHNm5tUDVSQ09ldVkzRFZLREx3MllLZlRUZ2ZvaHZRWVUvQlBqbmVMb01JKy9xZEJhVDBnUDArTzRNbU1SNlhYWmY1NlQ5SmNrNHB2R1hCSmd4V3NFYXExVFd3SlFhaFMrR3QzTFNaNmJHQ2NKR053bVpTakdUN1QyVFFrZmc2ZC93YVFtZ01nVTdHUHJuaVM3eU9xMWFKSmZ3WDdQMHFRQWswQTl4THhIM3IzUmo4bVIwODZFcHYzeW8zWlAzUC9iZmFhQjhXdWcyUjFBTEtDU0hQRVBXTStlSW9LRGRuaUNxdVBURjFRa0lMek1Wb3g4RkpocTU1SGJ4V3RMZEhQUUxZdnhFUWtNZkx6MFZmd3JyTXJMSzFxaWpGZlBNTXNZMnZ1VDNwS0sxcVZMRUpUSG5MRzh5NEFkZ01ZSFd4cTI1TkR1b3BGaUlxZTZQVElpTklZUGtaTW96WGNuNytEcisxZHJmbHozVTdPWEsrRHkrcVBTSUxvbFhlWmw0N1E4YXZPazFmSTh2RWc3Vy96MWRNRnBpdERCYlJNSmloWG9NMyt0STdJeGorVytaTWtGcFRhMllJVXRid09EWkNlQTNNSzlNZUtiQm9HdTQvZlVKdjQ1bDdBTnhFVllCR3RNWVZSUHhIeDdmMUxKOFVzQU5FMUdQZmZTL3RPNGdYcnhXQjFkM2dzTU5DNUxyOFhqNVhzQ3Rka1dwdjJzRUNiR1BteWNlSEx5SitZODA1bzNBb1EvZ2VCTmtWR1BSUmZyTjVEZ2lHY0o3TFdXR3p4NnFGREIvUC92d0hVRURyeGw2b3BZQkM4eUFNb2h1MkhObllsdnAvV3NWUzNYaGR1WHZKMHNjZ2U2WE05RT0iLCJtYWMiOiJjNzhlMTg3NTFhZDc3Y2NiNGZhNDkzOWY2NDAyN2Q2MmYzNjcyZTRiZGUxM2I5MzIyNDE5ZjAwZTc3MGVkODQ4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 19:55:35 GMT
content-type: text/css
last-modified: Tue, 06 Sep 2022 07:05:09 GMT
vary: Accept-Encoding
etag: W/"6316f125-45"
expires: Sun, 10 Sep 2023 19:55:35 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN