Report - crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

Report Overview

Submitted URL
crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
IP
172.67.146.119
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-15 22:57:14
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
crystal-blocker.com	unknown	2022-07-01T12:37:56Z	2023-03-09T12:25:03Z	13 kB	779 kB	172.67.146.119
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.3 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	1.7 kB	3.5 kB	142.250.74.3
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.36
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-09T12:17:45Z	833 B	7.5 kB	142.250.74.10
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-09T10:01:47Z	475 B	6.3 kB	216.58.207.195
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	329 B	797 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	54.149.101.24
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	57 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed
2022-10-15	medium	crystal-blocker.com	Sinkholed

JavaScript (4)

	URL	Size	First Seen	Last Seen
	crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js	94 kB	2023-03-07	2024-01-04
Pretty URL crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js IP 172.67.146.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:36 Last Seen2024-01-04 21:47:20 Times Seen99 Hash d843077f88bffe8b9feb11fda20ded43 326cd609dc7c1eaa9ed7cd45d675ec888ecfa9f4 552e9b44b13309ba572caf1b2ea0bcfbf21dcb1d294c8c445c58fb75ba6e0b56 Loading...

	crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c	1.5 kB	2023-03-07	2023-05-02
Pretty URL crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c IP 172.67.146.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:27:03 Last Seen2023-05-02 14:46:10 Times Seen7 Hash a1ed6c8a61de2a3e84798c91ac568d37 00740f4b18ff871e4d52c348e380eea67ee46f8d 0c2678b09cb18879f2daa74f8cf433979c2a3a1ccb1dc25d6eb61a55322cdcaf Loading...

	crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js	1.7 kB	2023-03-07	2024-01-04
Pretty URL crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js IP 172.67.146.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23:36 Last Seen2024-01-04 21:47:20 Times Seen100 Hash ce6ddf9b37658933ff7b720c075f5fcc 85b176574fac2970e0e8bce43008131eb8a457f0 0b22b29247d1e47b80848c3c1dc56b0e5a50dae826a7fc09828c747a2844ecff Loading...

	crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js	19 kB	2023-03-10	2023-03-10
Pretty URL crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js IP 172.67.146.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:53:28 Last Seen2023-03-10 10:07:29 Times Seen1 Hash 5ac3fcd60756ec0217ff9f7e71d81289 35dd9d2bb74097d087a7a8a1abdd933b247b546f 78946907d0677b77589dec09fef2ea46f1d853207c780dad7b600b2a28ba08cb Loading...

HTTP Transactions (41)

URL IP Response Size

crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

172.67.146.119

200 OK

2.0 kB

URL HTTP/1.1
crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6254), with no line terminators
Size
2.0 kB (2048 bytes)
Hash
9455c14314319ec422a9179cfc5b91f1
a35181fb7a0bbdc3c4d4d6fd1c8ed0e602f051fa
86ca65de52b0c81ca5692d63e6d3c1cac63a8aa0b892ef7ab9282b41710b8229

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRpojTWS1MI%2Bxb0UUXAHI8bs7SzqRg8Cwakx%2FjdT0gEkXDLz0JwfAZLF0vTLxFe%2F5diEbF5xlIkL1HxhUGo0XqCu30RwSL7lNIqoU5dm5J61wHUBPLg1HeGF0xWqPZ%2BU2y%2Fj4Atc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75ac26c9d962b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2b424d8c01b211c56d5b44b92e4e4153
b1fdab18f23271eee58ae1482f8af25badc2ffda
1c82a5fd2bc3f16a66becb5e1924e8c9edd39386622dc2e5ed296442f4307b2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C82A5FD2BC3F16A66BECB5E1924E8C9EDD39386622DC2E5ED296442F4307B2B"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4705
Expires: Sun, 16 Oct 2022 00:15:28 GMT
Date: Sat, 15 Oct 2022 22:57:03 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 15 Oct 2022 22:50:19 GMT
Expires: Sat, 15 Oct 2022 23:47:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vmZZqAm8RdRtRl80N5Q4VLS8xL6tJiND7vqd7WhGqKzWldfar30pxQ==
Age: 404

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6124
Expires: Sun, 16 Oct 2022 00:39:07 GMT
Date: Sat, 15 Oct 2022 22:57:03 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zH6UDom3bf5FfzJOgSM2wIW/KAjaMZPxDsUxjjnBljjG5h07wjiND81UEp1Xe/kf0dOFobFj4wE=
x-amz-request-id: 3P8KDX0F98SN08P4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 15 Oct 2022 22:02:45 GMT
age: 3258
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css

172.67.146.119

200 OK

1.8 kB

URL HTTP/1.1
crystal-blocker.com/assets/css/crb-home.d303c3bf7be95e8c0998.css
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6210)
Size
1.8 kB (1826 bytes)
Hash
2523fdcdce805e587f3a5e73af9e6364
c144026ce8937bad947c35059c87da5596bb4a6b
46d472012398a0d0678782c4337ccf0a0158bb592f47138d3afe74f1ffd021d8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/css/crb-home.d303c3bf7be95e8c0998.css HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: text/css; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccac77b509-OSL
Age: 14491
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pWelFGFlhbgYC8hshd6xohRsNcckrl1K9cGHkwSfKr0GSAFB382ZP7K1wr9%2FiYUGF2oaWuUxBmL99Ki3buZckGdXFg9ZJMkOQib5%2B%2FiRfQZS%2FiWhjHPNEkEgetC6lal4I8L6C3Vh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 15 Oct 2022 22:57:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js

172.67.146.119

200 OK

6.4 kB

URL HTTP/1.1
crystal-blocker.com/assets/js/home.089713254ad51ca1c23a.js
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (18614), with no line terminators
Size
6.4 kB (6375 bytes)
Hash
e51144eab9a83251295541348238c39a
c613a6536185407e0bbce21f34764998d306cab2
f49675ae68123a6927f07f585acbd379eac4b2735d538c495e520cee8d263641

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/js/home.089713254ad51ca1c23a.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbd5d1c02-OSL
Age: 133142
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=an12ttdXiAUWSo5AYxBelHniDMDoZMxfSk6H8fqFeoNZIV8AB%2BWujXgNuNDNj46cpr9sg9RqaxqhGY5rGbyNr2zWha2yr07WWa5hRBj8iLb%2FU6sIif1h33baF859RBn2yyXpYjDY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js

172.67.146.119

200 OK

923 B

URL HTTP/1.1
crystal-blocker.com/assets/js/runtime.8c6c5b164346b79aab2e.js
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1710), with no line terminators
Size
923 B (923 bytes)
Hash
dd7206ec3cb984a37c4f74734b151e2a
10c83c2d9f51b5b242214cb1f3efa59fe37ec43b
7bf3ef60931f9965b6db9f05d986b2c2b5be13f631f62eeec2348f150cfa48c9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/js/runtime.8c6c5b164346b79aab2e.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbc091bfa-OSL
Age: 113162
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdZdsXo2tbZRDtt7Mgwd3xiN6aszXGvbajvLan7YYNyi2W29mryCFMJru1VnRwWRuwP2%2B26P4zABk%2BTw3qOW9PgHiBSu2AstAPEVlnhm7gHYViIEFwF%2BC1tuzW16F5IunFdk%2BZTL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js

172.67.146.119

200 OK

33 kB

URL HTTP/1.1
crystal-blocker.com/assets/js/vendors.f767109d6b92982db992.js
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65448)
Size
33 kB (32655 bytes)
Hash
21ef8c24a2bfe872b37d9c0884eede6c
4a5aa86377091dbf3bf906c4ec107f002046b398
64587de8bed141e939b6d0d8aa2e1b406e3afe5838a301f946c4bcdaa430c130

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/js/vendors.f767109d6b92982db992.js HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26ccbbec1c0e-OSL
Age: 112960
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAptllKH3m0qVWswMg%2BIrTyWsodJNhMq4H7UY7ZPpc7z%2FFSmKXWHxDDNmuZq4%2B%2Fdlmyst9OFfyjxnM5gAPHkwER4bOFZf0C8MhJI4jXqZnFgsfTO4%2BLPmTfdAemwv8gYrKdfjtNV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg

172.67.146.119

200 OK

1.8 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2095)
Size
1.8 kB (1841 bytes)
Hash
ca5449c96512039d0c3f3c3dbcff6acf
0425910d41508e9d6e145675e5c249ea3405fe80
a24a709b43c40cb5ab8d145a109434488c0148cd2f1ca18b3a9795727c3c5775

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/d7d4e8b56191dbb312411526be9dc4ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7c9f1bfa-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBUsNWbOV3PoTX36eCSIHjKp1ANQn6rOMCuENQb7Fsrp7aaVyKCQXnn4FqSndB4c0qk7ESgj40D%2FWrmGGpsVvwVlLiMG7ZrWMomhz889lITniFJxcd030Q82EkG940qxjo24Se%2FI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg

172.67.146.119

200 OK

1.3 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/27349af978f5991fe7fcf1cec71b57df.svg
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (839)
Size
1.3 kB (1328 bytes)
Hash
790595d62881d955e2817bccb3e4756c
d60dfeb39a596d4e8f9642894c8b2e7adfb988ce
1b418fab41e5bb0991c2986dd0e5874261671a2d06d62e3b7688d949a0a8de95

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/27349af978f5991fe7fcf1cec71b57df.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7de91c02-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHbqTb1kLr2bZIAASHX6OK1f9UTbEcVbp9ptW6bJwlE7EuUDpnPzuZ1zvVdEvXk1ZglhGl2J9mEIAHDu4pCQo3kQMf27VTND9QdVMldwFCl%2F1lFYCuVXf4BklqRM%2FdvNqogZerij"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png

172.67.146.119

200 OK

96 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/c2367138ed1f72424223aa2c72c08c35.png
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 880 x 597, 8-bit/color RGBA, non-interlaced\012- data
Size
96 kB (96328 bytes)
Hash
5a3eb853edcfd20adaad5ecd0b48b60a
8efff4bbf7c8b8187cd9328984838ef5c19daa58
df8665cdcd651db681e0f211f201db127064e5d820b030530bc8dae44dfd56d1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/c2367138ed1f72424223aa2c72c08c35.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 96328
Connection: keep-alive
CF-Ray: 75ac26cd7ca51c0e-OSL
Accept-Ranges: bytes
Age: 106569
Cache-Control: max-age=2592000
ETag: assets/media/c2367138ed1f72424223aa2c72c08c35.23e205f3eb.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3kbcTJ4yY9ZsW7U49QtY75ogOo1fpweAtHVGuNAm1C%2BEPVsog8BOvHlQMhy9GCUjlLFYw1HXZ8nbjHtMopKb9S61J7We5Zry0MoPiOQCXpN1nFjvgyY83YgSyLfKVXAsWz7O0nJ3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png

172.67.146.119

200 OK

606 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/303cbcad896fb6361c2574fc511f4fb4.png
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2305 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
606 kB (605782 bytes)
Hash
83f963888aa3e127af1518faee9cce5d
11b29a56d6fd1472440bd56f7c3d2bf804ca2f08
e43d72064c5694542683360c1e19afd98e9e93ce138f35eee2141433624b9d46

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/303cbcad896fb6361c2574fc511f4fb4.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 605782
Connection: keep-alive
CF-Ray: 75ac26cd7d3ab509-OSL
Accept-Ranges: bytes
Age: 99977
Cache-Control: max-age=2592000
ETag: assets/media/303cbcad896fb6361c2574fc511f4fb4.12f6e97b94.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvA9N2dS5%2BOM4qiLDQCN2KTGZFA3%2F109SOfJCpLP0lf2VYZW4d3fq8F9Kx%2BA6Afa%2FCJ7nS8SDfO7%2BFv3m17Fq8Nb6yh2wM5uXc7AUdxWuzGFN3TaVfasubm4KgFTj5Z%2BIIdh4eDu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg

172.67.146.119

200 OK

1.2 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1082)
Size
1.2 kB (1196 bytes)
Hash
df23de56683ad49e459371743a457af2
5fbd1529edaad22e0f4592fcdfd7c839a814dcf2
d180e58227cc77860dbcda6218fafbbb44043564cb742347243303638b9c4c13

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/7ab05ca025ab63a5e68131bc5f81f9ce.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd8caa1bfa-OSL
Age: 99977
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPuHRPP6SrdXCkCDbRoCkxVGFATxGhSBBUm8NzzHSNwfV4REBTjYlGpKWhMZ%2F%2FrCk65%2FJCU6L7JlKSSOkRrKGlIOcOB3sv06HXPStpA4KQQfoEjlLhRQRJpW%2FbHvLGUsBNz%2FTp52"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg

172.67.146.119

200 OK

2.3 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/56b706933fc084a3c96ead1131e9d369.svg
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (831)
Size
2.3 kB (2335 bytes)
Hash
f6f8ce09e1ac7c4fe5dd58c8eb5a42bb
e886a71d25a7bab9d48eaa2269781a848f93f568
3c06aca52b7d309c30d200f7f9a40193da9df47f797dbe1f8f380422081bf69c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/56b706933fc084a3c96ead1131e9d369.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd8dfe1c02-OSL
Age: 112263
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Im2nTvx9ZVeTZ2EYETT7jGoCWsn8gJR%2FXBRkaaz%2FcohlXQbeRWrxzU1oK%2B%2FUmeiDx4D%2B3pNS4%2BmsCy6E%2Bdi2bHP4BDPbRHDYBBrjLVrEVKpq5Fl81LDbi1yoLXCv5TNAyiKxGl5L"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d3a7a0d85121715a9a3590df07145cd8
7da0f8eba172ed91b10f292054a913b1b33da66d
e77042397dd2555f12bfd9ed17a663845ce9c657c852af3807c90581f91fbb90

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Roboto&display=swap

142.250.74.10

200 OK

6.0 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
6.0 kB (5960 bytes)
Hash
f9898c503494b6d8a05d5da32adf2528
1abe34266c9ca0c9d92c875fb97078b11cd39651
2b35b496161ca167b941a579ac71d9a6adc82a5a520a3c7edf66d62dc8f0327f

HTTP Headers

GET /css2?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 15 Oct 2022 22:57:03 GMT
date: Sat, 15 Oct 2022 22:57:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2

216.58.207.195

200 OK

5.4 kB

URL HTTP/2
fonts.gstatic.com/s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 5384, version 1.0\012- data
Size
5.4 kB (5384 bytes)
Hash
9b626017702a3f43af4052d4c2154dcf
9a21c3f3a89e056a3957fb271ba0dee66e44ddef
93e051a858871edb3ae5f429957710e1fd61737f138600b5f7bef481b06f8cf6

HTTP Headers

GET /s/quantico/v15/rax-HiSdp9cPL3KIF7xrJD0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://crystal-blocker.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5384
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 12 Oct 2022 22:49:13 GMT
expires: Thu, 12 Oct 2023 22:49:13 GMT
cache-control: public, max-age=31536000
age: 259670
last-modified: Wed, 27 Apr 2022 15:37:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
254c0f79943125eff7adbf9cb30d2b46
e24342391b47646fbbe9fa6a26dd95c0eadda7e5
35052bd13c72ac6c33ec3aa08ae793c5e12d2edeec5c91c9e2b2ac4762c3fc67

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg

172.67.146.119

200 OK

1.3 kB

URL HTTP/1.1
crystal-blocker.com/assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (837)
Size
1.3 kB (1296 bytes)
Hash
00332cc7d17d0e81f7cc4c745872adf9
5de580fddbaaabf6023efd58fb51e25433a7679b
2bc83263841bd6730ee4ba43236b062101d149c037f1e09bbc31a670e25e2dab

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/bc18d8f4758d51184bfdd85f7357b9a3.svg HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cd7f070b4d-OSL
Age: 106569
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIEL547oSBHGgAw2W1cgaxX7UvWaXn8w0rH5Mm%2F9UX5FCpnz30CHxS%2BVsrzyr20LPRj9eLbh51qa9HBeelKuPW2V8Dsl%2BdAUm51t0Hjzs1Hu8iA3T6OQrTIyLKUQBWwhTV%2B7WRzf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

crystal-blocker.com/assets/images/crb.ico

172.67.146.119

200 OK

14 kB

URL HTTP/1.1
crystal-blocker.com/assets/images/crb.ico
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14085 bytes)
Hash
6dad091aa2a02d75f3471dfbeb19ae6c
81182541c0d711505c9f981237f093792c9bc102
23323e58592a3b65b62bd83382c297965216f754f92edbb2041dcc0bf7541d8e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/images/crb.ico HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75ac26cefcacb515-OSL
Age: 110591
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6w8FtERfdAbOUFfbI0JcPcFn%2Bk6BAY26oXdPgbmkanellTE8j8VjXAeJWKB8p2SJPHnKVe3dNMtO9dMQVy5oMbNDvVLfDRPb1Sw97Isj7y9WF1w6tjwb%2BD3KmixV%2FI7%2BfqRzf8NK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 15 Oct 2022 22:07:43 GMT
Cache-Control: max-age=3600
Expires: Sat, 15 Oct 2022 23:03:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rp8Jn9Ve0beIpGhHMDQeTyr9Z-7w2Y-BMAuwQIpmCODDmFTHec9Q1A==
Age: 2960

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
301aafc13bc66315321d9476df002258
e6bfd29899543fcd4d1b332623757bbad355306f
c64315afdfcf146b16942d981588ed912650472c5e2bba7b6f8dee396d820860

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2808
Cache-Control: max-age=122199
Content-Type: application/ocsp-response
Date: Sat, 15 Oct 2022 22:57:04 GMT
Etag: "634a6a1f-1d7"
Expires: Mon, 17 Oct 2022 08:53:43 GMT
Last-Modified: Sat, 15 Oct 2022 08:06:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.101.24

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.101.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g/ih1Dut7d+eRhbCiUeWKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ddaGknuCijXw9UWxv3hwT1e2rWY=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a239968682150ba8fb61f7b2101edba3
35724b1e7f236cddd2e9c542a0da63d9e915c310
e2cb65724d3870506a1efcfd90f43c61f87bb694b0c2cb07568bf1aaea7d1d98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2CB65724D3870506A1EFCFD90F43C61F87BB694B0C2CB07568BF1AAEA7D1D98"
Last-Modified: Fri, 14 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11587
Expires: Sun, 16 Oct 2022 02:10:12 GMT
Date: Sat, 15 Oct 2022 22:57:05 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9623 bytes)
Hash
440811a19987ddee099df289d9b61e79
ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1
1309e9dcb36858de70ef82900ec1ad429fbb795ddb9823fd1c290b18f4e2c1a3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6da0eaa5-24ec-42bb-8269-d235104e844f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9623
x-amzn-requestid: b3d5bd8d-111b-4d50-9720-71f72c62f860
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z7Q8oFLRIAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6347951d-613e5e810f420e4c0ba3e6f6;Sampled=0
x-amzn-remapped-date: Thu, 13 Oct 2022 04:33:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OA9iHADyiam26eo88jYDECifkqeBaTjsuoeHD2YOy0aZJZEGhG-xow==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
age: 4809
etag: "ce0f78803a81b1c6b3067c78b75bc6f1d5a7f7c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd598770c-51f9-4f63-b867-7d947fc34662.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9712 bytes)
Hash
f694b16fe6b05fb6a7a65509c4e9632a
85958d2ad645333d91d40b14bebe10615d3e7e53
52cffe400c9af78844421b5205f8913fdb76b1a30ee171a499db970f139eedd4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd598770c-51f9-4f63-b867-7d947fc34662.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9712
x-amzn-requestid: f96ff191-54d0-4789-8ee9-51f385ed3450
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM6YFxWoAMFXCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2842-68527bce630fd97470b129d3;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Tzmah-6Mm1YfZULJZ4MsBSl_zo2RMAw89iYzA4BItNNQ7tweQVlNsQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:06:40 GMT
age: 3025
etag: "85958d2ad645333d91d40b14bebe10615d3e7e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6722 bytes)
Hash
1741327ab198a2decd032da4f0be91f9
3d9d9f0b0d64600e8b05301120393aaae04e0e6a
863e23e1f5ddb2cfbf19b76817ddb28f646fe53af97e9ca714bbd5d6078fc712

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84cb3cfe-794c-4730-88c6-35e4b3cd9c1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: e29643cd-9d6f-4d27-897d-cb5460fe4735
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEM6ZGdBIAMFalA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2842-4555e10b7c637c3f792b9cf0;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GL1Ay0ooLsCV3C180mUcMK64TLmAjDcgvll_geN0aN8hNPVVwwfQ0w==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 22:37:10 GMT
etag: "3d9d9f0b0d64600e8b05301120393aaae04e0e6a"
content-type: image/jpeg
age: 1195
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c5bf7f3-2af5-4e40-a5dc-a596e1c0f04a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7267 bytes)
Hash
30232da4d2dc9438982ea90cc10dc912
cace2a97bcc0d2678a3291b82bac8abb61eda167
36a0176591f89a7c754964fb130b49da13cd78c006b4121fb77f7514f521eed5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c5bf7f3-2af5-4e40-a5dc-a596e1c0f04a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7267
x-amzn-requestid: 4b433a90-541f-4733-9435-0ef316859640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEMu0F7roAMFrEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b27f8-2a43cdc93330ecc44acc6d69;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:36:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: D90f8cqKzjV5zxBkcPhx39iwI6-_SEZiYsIJwCDEV_makqa_s4hXKQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:36:56 GMT
etag: "cace2a97bcc0d2678a3291b82bac8abb61eda167"
content-type: image/jpeg
age: 4809
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb91747-1466-4fb0-9c5c-e679a1294f9a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6248 bytes)
Hash
9460ab18b402041fc437809f09b5ca07
83129b8fcd100f7de5e79f685c8dd49a226fb6bd
bbd9f2db14ede4b5711042f892621aaf6602ccec6be2bee07534b11f2b73e671

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb91747-1466-4fb0-9c5c-e679a1294f9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6248
x-amzn-requestid: 0170ca13-eaee-4645-b3ca-0e3db5067dbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEMw5HMVIAMF2Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2805-272b5ffb16c194ba746d74b6;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a8j08kCiCITu5kWwdriG13kuFbvBss29qGNLThJAa_EF-ux3OLP5gA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:37:49 GMT
age: 4756
etag: "83129b8fcd100f7de5e79f685c8dd49a226fb6bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11351 bytes)
Hash
547b1dc796288f5c4f2afee1cb5fa073
65221ad29339e14482d0f4520a116287936af308
3efc0ffc960d12ea1de4c1dde9b4356e1621ad17caef69690776638d697ce0a8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b614d2-adbf-45ee-99ac-e4af9744b875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11351
x-amzn-requestid: 8dea889d-00dd-4ac8-9992-a622ffe6cb4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENseG_XoAMFYfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b2982-75a03a0d57ca7d6010516b54;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:43:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cbwjQWtMLkxVetKotUNS3nnjjHBJOuuFEch68uz17zlMOPx2q3kVeA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:58:49 GMT
age: 3496
etag: "65221ad29339e14482d0f4520a116287936af308"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Quantico:wght@100;300;400;500;600;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://crystal-blocker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 15 Oct 2022 22:57:03 GMT
date: Sat, 15 Oct 2022 22:57:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png

172.67.146.119

200 OK

0 B

URL HTTP/1.1
crystal-blocker.com/assets/media/deddcf701154302a2852f7d01e10dac5.png
IP
172.67.146.119:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/media/deddcf701154302a2852f7d01e10dac5.png HTTP/1.1
Host: crystal-blocker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://crystal-blocker.com/?scenario=promo9v1&step2=direct&trackingdomain=t.solaranalytics.org&source_id=e6773e24-cd6f-4dcb-a1f9-72b3990ec835&cep=fdhJaCEybIWV0yd6XjUemd3f6M0WqS52W3P-66KyzJzRaEcDQKJwnzjVrkgzyk8wYGb7aVVcHibWNRabHwgMAN1sqTdiTdNpBTCGJA3t2wcRkhRx7FkM-KCrWRL36vbY5CxY9H7PClQdrYYyQpAvHWc9qWFVTYjE5eHgJY_WqbKAcwYD7CZxjUvP1TVoAGGcn3JQhYljentw_18IvPDoBPed9euawGPngtu0tgy46CX7p1T7rRHheu5SabKrfUaFecbgysEDdScshCHG_dDpszfEQ-QmLuvJMmsXRhld6dko935hzaDuaFE8JoDTFIgTUcZKQ1q6EV6HEYx21UuptFe1rN4wPjmukP7KrWwAwdl8Ip_Dbo0EPU_XQ22S3ygvUXbn9EZmX5UZ77X9I8eKJ-EPGllRNWbbDOLYJ9bcUQ8&lptoken=166f655687856460174c

HTTP/1.1 200 OK
Date: Sat, 15 Oct 2022 22:57:03 GMT
Content-Type: image/png
Content-Length: 217986
Connection: keep-alive
CF-Ray: 75ac26cd7b07b515-OSL
Accept-Ranges: bytes
Age: 99977
Cache-Control: max-age=2592000
ETag: assets/media/deddcf701154302a2852f7d01e10dac5.f76402aa01.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
CF-Cache-Status: HIT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0w46hyoD8ydvneFntRwPRtLJOsPlEeh3wYGCp39dkOhI7jiKt9J66yqgdM6r6%2B7nY4th1j%2BFyC99sKDSTVKd%2FMXKrKju2FFnFiKzuuGPAF8ACoaKORPn%2ByQYVXNhMMMUFOCDENN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type