Report - cleaning.homesecuritypc.com/packages/Fduphhq

Report Overview

URL

cleaning.homesecuritypc.com/packages/Fduphhq_Bzaeudor.bmp
IP

79.110.63.239

ASN

#0
Submitted

2023-03-19T08:39:37Z

Access

public
Tags

dyndns
urlquery detections

Suspicious - DynDNS domain

Detections

urlquery

3
Network Intrusion Detection

19
Threat Detection Systems

5

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606	127	35.155.0.88
cleaning.homesecuritypc.com (2)	unknown	2022-05-29T21:35:33Z	2023-03-24T10:11:15Z	743	4634696	79.110.63.239
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3245	51737	34.120.237.76
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2366	6204	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782	2373	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413	5894	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-03-19T08:39:30Z	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.homesecuritypc .com
2023-03-19T08:39:30Z	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.homesecuritypc .com
2023-03-19T08:39:30Z	medium	Client IP	79.110.63.239	ET INFO DYNAMIC_DNS HTTP Request to a *.homesecuritypc .com Domain
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Observed Suspicious Reversed String Inbound (Microsoft)
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (kernel32.dll)
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (mscoree.dll)
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (VS_VERSION_INFO) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (VarFileInfo) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (StringFileInfo) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (Comments) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (CompanyName) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (FileDescription) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (InternalName) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (FileVersion) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (LegalCopyright) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (LegalTrademarks) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (OriginalFilename) M1
2023-03-19T08:39:30Z	medium	79.110.63.239	Client IP	ETPRO HUNTING Suspicious Reversed String Inbound (ProductName) M1
2023-03-19T08:39:33Z	medium	Client IP	79.110.63.239	ET INFO DYNAMIC_DNS HTTP Request to a *.homesecuritypc .com Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-19	medium	cleaning.homesecuritypc.com/packages/Fduphhq_Bzaeudor.bmp	Malware

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-03-19	medium	cleaning.homesecuritypc.com	Sinkholed
2023-03-19	medium	cleaning.homesecuritypc.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-03-19	medium	cleaning.homesecuritypc.com	Sinkholed
2023-03-19	medium	cleaning.homesecuritypc.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (20)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2857be6f18459c7a4a7f00f6cd6076f1

570609086d72a9be57cde7bfefd25663c1035fba

bd8abb8f420d1e31462fca1d6a7caadf1e2bba6fc7db05684b5811e00e84107f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD8ABB8F420D1E31462FCA1D6A7CAADF1E2BBA6FC7DB05684B5811E00E84107F"
Last-Modified: Fri, 17 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15498
Expires: Sun, 19 Mar 2023 12:57:44 GMT
Date: Sun, 19 Mar 2023 08:39:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

443a700f85619f4fd8a548421c5c23e2

a58764a07feafb2bb4b340c020b5104c55b35195

0bc80613f3d493ea081bf5672ab76f6f33a1dcc0710fe1431de83c46d7e8d31d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0BC80613F3D493EA081BF5672AB76F6F33A1DCC0710FE1431DE83C46D7E8D31D"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7934
Expires: Sun, 19 Mar 2023 10:51:40 GMT
Date: Sun, 19 Mar 2023 08:39:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

eddc2a353d39e5ce5c30d7e90b3ed6a5

305e86e4b966344c135c50af9a6509ffd3a83e9e

bd775c38c2e11f1baedde5d92ab17ceaf4c2067f8ea996595a66801758a71813

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD775C38C2E11F1BAEDDE5D92AB17CEAF4C2067F8EA996595A66801758A71813"
Last-Modified: Fri, 17 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2601
Expires: Sun, 19 Mar 2023 09:22:48 GMT
Date: Sun, 19 Mar 2023 08:39:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bc86ef2a0cee04915bc360f5821adc8f

3658f9028cce204d38f7f48fcfaa2a8e4f54383a

aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 19 Mar 2023 08:27:03 GMT
content-type: application/json
age: 744
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e7bace7c1e04d44012e37ddffe36e5d5

3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2

6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: wdLIUc41OEXTryQ3nNPBrOZvg7ZYyjBL5m7JZYgjYAuDH4gyDsm2Gfw5GkhjECoQPfieNdlVOSJNjuye3djLww==
x-amz-request-id: S6PE8N88PP6Y1FPF
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 19 Mar 2023 07:52:17 GMT
age: 2830
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 19 Mar 2023 08:39:26 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 19 Mar 2023 08:14:32 GMT
age: 1495
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

0a4b141e90b0fb22cf6d10a6a4fd360d

37b081be1a69edb97a7c562b71474f4d7405d94e

5db17bb0a40658845e03d8237a69458a0576d955006ee224930b0310179af9af

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DB17BB0A40658845E03D8237A69458A0576D955006EE224930B0310179AF9AF"
Last-Modified: Fri, 17 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13161
Expires: Sun, 19 Mar 2023 12:18:48 GMT
Date: Sun, 19 Mar 2023 08:39:27 GMT
Connection: keep-alive

push.services.mozilla.com/

35.155.0.88

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.155.0.88:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7VMwqqbHTRpxrQBYaUdGuw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0zyCm2uNQFUK6EA5t6NmYmFAn9U=

cleaning.homesecuritypc.com/packages/Fduphhq_Bzaeudor.bmp

79.110.63.239

200 OK

4633088

URL HTTP/1.1

cleaning.homesecuritypc.com/packages/Fduphhq_Bzaeudor.bmp
IP

79.110.63.239:0
ASN

#0

Magic

data

Size

4633088
Hash

82f94837ffafc656e50ce0597fa229d5

1b70f3867ac03b10d432303f1b6af70c714b8980

c459dc15c34eca2eb5d8846c17a8b0c3d644ce84ad23f49a7dedd87fb669c38f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.homesecuritypc .com Domain
suricata	medium	ETPRO HUNTING Observed Suspicious Reversed String Inbound (Microsoft)
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (kernel32.dll)
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (mscoree.dll)
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (VS_VERSION_INFO) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (VarFileInfo) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (StringFileInfo) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (Comments) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (CompanyName) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (FileDescription) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (InternalName) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (FileVersion) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (LegalCopyright) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (LegalTrademarks) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (OriginalFilename) M1
suricata	medium	ETPRO HUNTING Suspicious Reversed String Inbound (ProductName) M1

HTTP Headers

                                        GET /packages/Fduphhq_Bzaeudor.bmp HTTP/1.1
Host: cleaning.homesecuritypc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Sat, 16 Jul 2022 21:56:01 GMT
Accept-Ranges: bytes
ETag: "411aa3d65e99d81:0"
Server: Microsoft-IIS/10.0
Date: Sun, 19 Mar 2023 08:39:26 GMT
Content-Length: 4633088

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4455
Expires: Sun, 19 Mar 2023 09:53:44 GMT
Date: Sun, 19 Mar 2023 08:39:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4455
Expires: Sun, 19 Mar 2023 09:53:44 GMT
Date: Sun, 19 Mar 2023 08:39:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4455
Expires: Sun, 19 Mar 2023 09:53:44 GMT
Date: Sun, 19 Mar 2023 08:39:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png

34.120.237.76

200 OK

10338

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10338
Hash

78453ba98b72eff3879ef163b59c86ed

80519bb3726ee1f9f211344cd433cefaed3a7f2e

61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: K19FG80YIBs-7NnPFJQEodETe4DpifB_BA2FpyYtB0W-sXXjNlLKxw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 19 Mar 2023 07:04:47 GMT
age: 5682
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7842

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58bd5191-7eab-437d-a18c-a930f08c6cc6.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7842
Hash

916a27eee94b9be1c268cd17c11c4824

4530492308074d7f4f7f888593149377e70ee561

a7aeaf49047efb11e4cd8b72bd2e00b4afdfe461b5be50d88c343ffbf3d3ca45

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F58bd5191-7eab-437d-a18c-a930f08c6cc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7842
x-amzn-requestid: 6e6fff9e-c942-498d-b649-9f7f6d82fba6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B6lDbHn4oAMF5BA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64141baf-268367ad5333899e40d8353d;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 07:50:07 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: k1cHkKf_bxsiXniP1nGXKi6fUo9WFRCOkvu7hewwOQZdtkWnBtoktQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 22:13:50 GMT
age: 37539
etag: "4530492308074d7f4f7f888593149377e70ee561"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8189

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe323f22e-6800-4578-a34f-a8fa940499e0.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8189
Hash

6645ef8b7e2b10326cc1cb7c76f82769

cc7b05fa466c6ecd6c8a0e0d6ccc96ecbd59aced

1076fa495f0b7cc23922f64cc6a6f596de9a6f08ea7549eef785d804db0be7fc

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe323f22e-6800-4578-a34f-a8fa940499e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8189
x-amzn-requestid: 3815c61d-6d05-4794-bd9a-d417d1270527
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B_wqgGsdIAMFi6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64162e42-6af86b2a21b89d38559ca754;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 21:33:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: n-Dbnb07Rsh0y_T4UW0VQSyRcV96MehdMiFlhdUtcrCiqZVL5ZVJxg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 22:14:54 GMT
age: 37475
etag: "cc7b05fa466c6ecd6c8a0e0d6ccc96ecbd59aced"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7432

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F834645cc-a32c-47ac-a12f-235778429d48.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7432
Hash

082117af513213d5b43e25c97b2b2ed6

f7f8151a3827455579613bf12a3e45c049fb2e33

bb31257b2410493e8ab481ce3f2a3215c7ca5af9702319afbafc17b988d5bde1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F834645cc-a32c-47ac-a12f-235778429d48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7432
x-amzn-requestid: eadf4a39-81bf-4e09-b9e4-45e3c9592996
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B_w2HEzSoAMFTxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64162e8d-099b5c3d32d7d7300266dd95;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 21:35:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: geY0kRQBa0RwG_aW9n_18KoQrJNNNR3zRMKkmsA2OOXQHGkEE4N0Qw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 22:13:23 GMT
age: 37566
etag: "f7f8151a3827455579613bf12a3e45c049fb2e33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6265

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae7f77f1-adab-464f-87e7-4a15dcd322ba.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6265
Hash

c70e6317e3ccd8783db05f712ab8b319

ae05abedca84094ff077fdfb6b5ea0e6148a086b

9d3edfaeab32dfa522cd0eac659b93eb561b33a91149428e7a5d7ec84431bb72

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae7f77f1-adab-464f-87e7-4a15dcd322ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6265
x-amzn-requestid: a40c18f5-e26f-48d0-982a-ebfc9fa92b9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B_wYuEa7IAMFneQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64162dd1-42b70f637dc3b2d222d98f9b;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 21:32:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UI-PcxN2YSytmygeVp4WBCSbtLH9egiAhP5vyJI7xN7iN1QAe1mqEA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 21:44:34 GMT
age: 39295
etag: "ae05abedca84094ff077fdfb6b5ea0e6148a086b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5311

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffb155f3-4b60-4d8c-879f-3b7bd1c5c129.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5311
Hash

07289211ce045b31693c7bb59c06f338

210abec1182bb94b9d0e48827ecb8023611c4489

808b7bfa4b75cfb91e003d6375802da7d2719de29d4f64776dea57992b7632c4

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffb155f3-4b60-4d8c-879f-3b7bd1c5c129.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5311
x-amzn-requestid: 3e000f36-3e2a-4008-950b-2e9f83306e51
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B_w3eFmtIAMF7EA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64162e95-1b9e4cc8033920ea365de22f;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 21:35:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: mB-sWMCTChGtVbvW4TkpKqqpSACyRLw9x32bDY3kvV3f0IrEsti9cg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 9adef5b1c5fc9ca80d6f4f8d19e103a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 21:48:16 GMT
etag: "210abec1182bb94b9d0e48827ecb8023611c4489"
content-type: image/jpeg
age: 39073
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cleaning.homesecuritypc.com/favicon.ico

79.110.63.239

404 Not Found

1245

URL HTTP/1.1

cleaning.homesecuritypc.com/favicon.ico
IP

79.110.63.239:0
ASN

#0

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators

Size

1245
Hash

5343c1a8b203c162a3bf3870d9f50fd4

04b5b886c20d88b57eea6d8ff882624a4ac1e51d

dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
mnemonic_dns	Sinkholed
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.homesecuritypc .com Domain

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: cleaning.homesecuritypc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cleaning.homesecuritypc.com/packages/Fduphhq_Bzaeudor.bmp

                                        HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Sun, 19 Mar 2023 08:39:28 GMT
Content-Length: 1245

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (20)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash