Report - www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg

Report Overview

Submitted URL
www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg
IP
172.67.145.167
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-30 10:40:20
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.0 kB	2.4 kB	93.184.220.29
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	2.1 kB	4.3 kB	142.250.74.35
cdn.protectfreefasteffective.rest	unknown			11 kB	101 kB	172.67.145.167
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	62 kB	34.120.237.76
www.protectfreefasteffective.rest	unknown	2022-10-21T21:41:17Z	2023-01-18T11:10:03Z	652 B	3.2 kB	104.21.73.147
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.0 kB	5.3 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	44.237.51.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed
2022-10-30	medium	protectfreefasteffective.rest	Sinkholed

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg	590 B	2023-03-10	2023-03-10
Pretty URL www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg IP 104.21.73.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:44:42 Last Seen2023-03-10 17:44:42 Times Seen1 Hash bf9d9659bc38579809fc9aa8fedd0adc 3bb2aa208cdb3e08496d7e407308e111555b62a9 817dc8aac175b8be6dd797ac976bf6e75c68195d2ce092d66b17389ae0e69d67 Loading...

	www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg	78 B	2023-03-07	2024-04-24
Pretty URL www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg IP 104.21.73.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:16 Last Seen2024-04-24 15:26:16 Times Seen42 Hash 985462355c280bd73f8d0f5aa42fae66 9751c8a78d12bf5b18d275d59f347f9e78275d86 001d88eda4af893407ae71661fb48feeebf2fa8b5772f1f6ef2a99be923f238e Loading...

	cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/script1.js	4.3 kB	2023-03-07	2023-03-10
Pretty URL cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/script1.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:16 Last Seen2023-03-10 17:44:42 Times Seen1 Hash c8a5862f16ecab28c2caf35aaea02b28 4824262641437a629d8bc0fb66adbfc5f8873b11 06b8ddbda4d9ed67ed2c84664117583d5d817fbf8603460d9293c2e6fee1c0b1 Loading...

	cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/audio1.js	349 B	2023-03-07	2024-04-24
Pretty URL cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/audio1.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:16 Last Seen2024-04-24 05:07:36 Times Seen17 Hash f18441557cc617ee1b3a0d8be7af32db 24db320f59da11c3c2e41ab24d02f4dad4083bae a066ba39b39fcbd933227e93b5db6c992250c40324eff333c311aaecefa6bb78 Loading...

	cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/confetti.js	5.8 kB	2023-03-07	2024-04-24
Pretty URL cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/confetti.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:16 Last Seen2024-04-24 05:07:36 Times Seen20 Hash 569f8cac29e28c0c0c3840eb3ea57f97 c063225fbdc6653a0881ae93513215ca4cf0e370 620eb11860249bad4de011d39202d9b01ef791565fc332e79047c0e5429e7fba Loading...

	www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg	133 B	2023-03-10	2023-03-10
Pretty URL www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg IP 104.21.73.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:44:42 Last Seen2023-03-10 17:44:42 Times Seen1 Hash 472e5ea3df079618ffaa5e0ccf0a5737 0c52e256304c66fce7e5d4fb761a427fb99f0d85 fc4011e2da7b164169c14df0ad9f9071fb0067386b56cc12cff2e2b2acc917e5 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3a824154b16ed7dab899bf000b80eeee	4 B	2023-03-07	2024-02-13
Pretty Observations First Seen2023-03-07 01:02:03 Last Seen2024-02-13 04:29:14 Times Seen34 Hash 3a824154b16ed7dab899bf000b80eeee e575dccc71140754dd85beda5965b6a358150309 b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0 Loading...

HTTP Transactions (47)

URL IP Response Size

www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg

104.21.73.147

200 OK

2.5 kB

URL HTTP/1.1
www.protectfreefasteffective.rest/bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg
IP
104.21.73.147:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Size
2.5 kB (2507 bytes)
Hash
a69e3b30d71d4d2b9179b2d7958f781e
1e9bcaa9048b914d2c3f9ab36b320eb8c35c1443
94e1b818cacac17ab2be0cdb9e0368af09f0b8fcf75e6088012ef5f840c7199e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bc424d50-1e42-426e-9130-7446cf6fc5fd/?btd=dHJrLnNoaW5lLWNhci1kZXNlcnQtYWRqZWN0aXZlLnh5eg&exptoken=MTY2NzEyNjM0Mjk2OA==&lang=en&r_countrycode=GB&r_ip=2a01:4b00:8694:700:4831:dd3f:a7b7:e349&r_lang=en&r_okeyword=amazon%C2%A31000&td=dHJrLmZhdC1wbGFpbi1zdGF0ZW1lbnQtbG92ZWx5Lnh5ei9zbndkYXJ0Zg HTTP/1.1
Host: www.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 30 Oct 2022 10:40:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0SeQ2FME125zvEJ%2BSFx%2B8x8OycjXF9tDuFSChAKGKs9R4h%2FOnss9wFONfccZ%2Fd4NcCuA8onfGEcHqrOhE7VcDYgIkp%2BlUFM4y74AsMi6C54wwGNiYGDgCoJ9lROhQUMjOerb57dXJJVO3UU7kGcEkOGSj1A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 762387fbaf9fb515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
08e6c2a84b9de97bdd5a18a3a63ae614
7efc3c3550bf303438e0ec910f78714588f3c72b
a3bfd5d99c99a5956cf91510743a0911b300938ae2095bfbadbc7f9485b4e3b9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3BFD5D99C99A5956CF91510743A0911B300938AE2095BFBADBC7F9485B4E3B9"
Last-Modified: Sat, 29 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14039
Expires: Sun, 30 Oct 2022 14:34:08 GMT
Date: Sun, 30 Oct 2022 10:40:09 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
856ee3167a1a6efa13187b6d726d61e4
30d121bebc8f164b38d929e94193ca0caa9ce708
c79ab5ce8d207664a2e0b63762e68f1a906d68c31c59139965201c870619063a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3724
Cache-Control: max-age=85977
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:09 GMT
Etag: "635cf2d6-1d7"
Expires: Mon, 31 Oct 2022 10:33:06 GMT
Last-Modified: Sat, 29 Oct 2022 09:31:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
856ee3167a1a6efa13187b6d726d61e4
30d121bebc8f164b38d929e94193ca0caa9ce708
c79ab5ce8d207664a2e0b63762e68f1a906d68c31c59139965201c870619063a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3724
Cache-Control: max-age=85977
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:09 GMT
Etag: "635cf2d6-1d7"
Expires: Mon, 31 Oct 2022 10:33:06 GMT
Last-Modified: Sat, 29 Oct 2022 09:31:02 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e59d16ee0744a08cb29d0f7e664a3827
f64722982e24ecc948f599edc76e36250ddf5112
2ef6e5bddd86663d50c9c66bc8b46f92534f4d0ef5e490a24fb876355ec006b9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EF6E5BDDD86663D50C9C66BC8B46F92534F4D0EF5E490A24FB876355EC006B9"
Last-Modified: Sat, 29 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6474
Expires: Sun, 30 Oct 2022 12:28:03 GMT
Date: Sun, 30 Oct 2022 10:40:09 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tXqkQyUOHDWPl1wNLgbzEdZkh8hfGtxlJ5oK1N7R/lpKA6zwsQwJGvyuZ02K8j9Fk5L/9+3ced0=
x-amz-request-id: 8DAGGN2E1AH4VPEG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 30 Oct 2022 09:44:27 GMT
age: 3342
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 30 Oct 2022 10:40:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_type/gsw2022ii/_style.css

172.67.145.167

200 OK

41 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_type/gsw2022ii/_style.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
41 B (41 bytes)
Hash
4e138f3e8428e2b23ffb9d7b8982d418
419d7251869456ea2bbd805e3d66a3496979eec4
9eb9d7cd1eb1a573385364334d1828322f6849a0cb5a0f6d401de9592a1073ab

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_type/gsw2022ii/_style.css HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: text/css
content-length: 41
x-guploader-uploadid: ADPycdsCeItU-V2vDy4RgL1rEJRVm4rPOGfBoY4EMoNuXPsa0VpJtNJRdXbPNkILe6fZ6lnFrcZdfHeCPCEglqOuAQ4TLA
x-goog-generation: 1664729328132597
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 41
x-goog-hash: crc32c=GY3ADg==, md5=ThOPPoQo4rI/+517iYLUGA==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 11:40:10 GMT
cache-control: public, max-age=14400
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "4e138f3e8428e2b23ffb9d7b8982d418"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yt8d8%2Bkbpsplge33wjQ%2Ffi5%2FHmium3tSqdezkbYdmMA53Cp53BP9M8gEZcjJW1mWidEiGG7tebb0twlz9cDJDRgyqMz1aumTNLpry3clkmWTfRFB9E%2BerH0YoxDbSfR%2BbU1HjlmkSH3wjDydgY44hIrMMJo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a2f1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_m.jpg

172.67.145.167

200 OK

950 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_m.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Size
950 B (950 bytes)
Hash
62a261739e9a386d39d542903d5ab050
6cc87f77a580ce13068a1324b397070db3817511
669c7de8cc4685bb673f13db0b8de84fd8142005c4db680cbe35fad7b852c631

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_m.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 950
x-guploader-uploadid: ADPycdsoc2gh7u0eqmLry2sAqkljCeXdG55A8VMJpEA1Wuumsj6c3Gy5jpibUxpWYOsv_S3bYD4bG43I68_tZnf67yNwOD1OsRmQ
x-goog-generation: 1664729328166537
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 950
x-goog-hash: crc32c=2LDN9Q==, md5=YqJhc56aOG051UKQPVqwUA==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 11:40:10 GMT
cache-control: public, max-age=14400
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "62a261739e9a386d39d542903d5ab050"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTMTRrl69Iquz8QOVjMc%2BefpU%2B73umeopfiaKLaWkc6qy81RewoGzBVDOb9QnM269cpm5HmSxdj3Ob1GILITjpetl%2BUyBq6y2p4pPnMRnYr101reTypn9bjEjHy49mC5B1fcRmPMQP%2BDlYGke7kwLyFjry4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a391c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/confetti.js

172.67.145.167

200 OK

5.8 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/confetti.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
5.8 kB (5802 bytes)
Hash
569f8cac29e28c0c0c3840eb3ea57f97
c063225fbdc6653a0881ae93513215ca4cf0e370
620eb11860249bad4de011d39202d9b01ef791565fc332e79047c0e5429e7fba

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/confetti.js HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/octet-stream
content-length: 5802
x-guploader-uploadid: ADPycdvNR5fQN92HDRClmegbV6di7LKGP7MiTIuxEUeQxkL1gltNCEyEGygIxLbJk9VdHnCxOMkW1QRN2BeLp41PQ6BqS-m3zyuG
x-goog-generation: 1664729329287214
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5802
x-goog-hash: crc32c=+NDKIg==, md5=Vp+MrCnijAwMOEDrPqV/lw==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 11:40:10 GMT
cache-control: public, max-age=14400
last-modified: Sun, 02 Oct 2022 16:48:49 GMT
etag: "569f8cac29e28c0c0c3840eb3ea57f97"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASVY2%2F%2BH0Zl5aY3LJ1n9kh%2F9WbI89DZz6yoceo53yR2h%2FEIU1%2FGxOdP3PWhz%2FZM1hiTfTuEfQCEybd8VoaauwYM7UCWVazmq6E6e4cdUNsy0nJmO9G71lTscAouOnUrhhLWiyGDHZOJzew9Rw%2Bp9xT2LSso%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a4d1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/W9c7UrtayLo

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/W9c7UrtayLo
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b1cc61063e9dfdbe5b6b5eb6985291a2
7eab4a5de0bbb07c6db6f8f14c3f0bfa5a5b2394
d156938c6d3b709799a675794f5cc49a0bd16d0c96fcf4e6898351c0bc4ac356

HTTP Headers

POST /s/gts1p5/W9c7UrtayLo HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/_style01.css

172.67.145.167

200 OK

2.9 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/_style01.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
2.9 kB (2886 bytes)
Hash
1418fb25c6523650e2d47dede4712206
04d1df9f3e59829e78a01550e14c68b1fe17ee55
76298911eeb95ac6984922064f122752b82f5d3a73df2c5daf97154785b1097a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/_style01.css HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: text/css
x-guploader-uploadid: ADPycdvza69ohMl-tOu3eBOH8ElLHHBx3PUmpvdFfsi1bmI2wlbsiZ037VtcrYiSZt-oudLc6bu9hIttvYmfrDwx9sCoSQ
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Thu, 27 Oct 2022 18:43:44 GMT
etag: W/"b071f2505e015701d8ef6c695e1de096"
x-goog-generation: 1666896224800664
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10115
x-goog-hash: crc32c=92suyw==, md5=sHHyUF4BVwHY72xpXh3glg==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0v3VtPk7p%2BG1yRSDZCMMY%2BS3kFPRnwf2LOVcMWpNvfkLLDkRiKRp4qyGnOro%2FlbKevghqazxOtnvRr2SOyhL1mr3as6Nu%2FWU8x2lmv5ICP0lhAtfnQpWEtPRvA9KIVbhzVfiaCjjYEZ11PKW6GqMiDGTDNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff7a6c1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_2.jpg

172.67.145.167

200 OK

1.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_2.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1342 bytes)
Hash
95002cd3fbc38552be3bd52eb11e1eda
3233afcc53bb01622592cb14b7fdaa590fca697c
b942e9ba4c5f2ae8d8895aff97ab414b4aaef7e5d93097a29bc8570bd4057558

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_2.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1342
x-guploader-uploadid: ADPycduh3mLcSg0fKWnDOz-vFbA8V_ydkVzU1jHN4X-qeYJHpyI7DWPGF0X-Z48HCiq5vx-Rk9uq09bCoHWai2zyZy4ErQ-mfFEu
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "95002cd3fbc38552be3bd52eb11e1eda"
x-goog-generation: 1664729328162441
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1342
x-goog-hash: crc32c=dwqn1Q==, md5=lQAs0/vDhVK+O9UusR4e2g==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCvHv7EDV4jWcJ3GggTuAVxVE9yuZJJ%2FztyOum%2B1HcMHj78xBKxjp488Bz10P2JmhajsTXtRbMyezqp5zqpwjsv9N0ZRYb%2BYBUL5BhAYtG6nfI%2FSXjYmrU6TI7qs1zjsThC59bY8bcT%2F4Xk9Po%2B86oZBZL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a3e1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_4.jpg

172.67.145.167

200 OK

1.2 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_4.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1172 bytes)
Hash
19fdf1324a5920f70b9be0dcd7a59590
3bf1ae07a2b6cc66a9451e380f5cfe69d5fa0c3a
693cd7b96cc6f528b604624a2ba915041b093203d956986fe4f57f1f230c7ad9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_4.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1172
x-guploader-uploadid: ADPycdtV_Dyf9JmiYvOxzrrYj3teHip4_t_n75_yE5NVSvi0Lxwsq72p50gzCa18ug46xZ6Sv72MkpUY_u28noKRxAY57YXNUQAh
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "19fdf1324a5920f70b9be0dcd7a59590"
x-goog-generation: 1664729328138038
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1172
x-goog-hash: crc32c=mJlmDw==, md5=Gf3xMkpZIPcLm+Dc16WVkA==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7D3rU1W0ZRO8g0nsuzrF4Ags4ZKAyo0NkJZbSkSanPP8j%2FZ8p0MLUG7ls1ieMmrIiHKDPwbW5hAU82xYBOp0lD6Wa4zQS06PAKuKXDsSUqVvCMVLLNTgvYK8tvm9iD1UUaocmX4dYQ6SUbpVaBiR6iljkqs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a461c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_heart.jpg

172.67.145.167

200 OK

1.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_heart.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1337 bytes)
Hash
d3a09cd99db03d6956fc6823501a54ef
4d79137e1c2a2fd217c1afeccc8ad72e837b221c
c522456471f528146faf2bd9f46bd771e11fd37016a819cf9106a996e8affcb4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_heart.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1337
x-guploader-uploadid: ADPycdsT_oV_VUqt_RSrMjM1ov6mj5Gw5bdn64TEKXXqq6GzrfBiCvvsOWbODbteeNMiiEMDA1ZwWnhi5l3dABQ9z_UNVduGCwat
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "d3a09cd99db03d6956fc6823501a54ef"
x-goog-generation: 1664729328142418
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1337
x-goog-hash: crc32c=XCLv6A==, md5=06Cc2Z2wPWlW/GgjUBpU7w==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbOGF62zzwp5DO6Z%2BkWqECJ3NmEEZgAoaFADOXS2Z7y2aN9LqJH5xAxk9JaicHe2yhblpvNng32J%2B3DwlvA%2F%2FL%2Bc65iGJwLZLvug4MjG7dn7ZGyVb5awQiUZslkVnX6WRWHVk%2FBZDUorckuQ3okt%2B7i%2FsSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a3c1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/loading4.gif

172.67.145.167

200 OK

7.9 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/loading4.gif
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 50 x 50\012- data
Size
7.9 kB (7916 bytes)
Hash
2b19ca3439b94b7a398b56ea9b5afa49
d132175327753974c4b00e47f4ee91c0cd2065fb
11894f102437796ba20a1b49a71253e51c340d5ae28ea83e7dcb6fcf9d83e2d1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/loading4.gif HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/octet-stream
content-length: 7916
x-guploader-uploadid: ADPycdtNRWUgp4v5x5GRZR2sbu2NNUPiFVvTLpa1hRI7TBEEYpMcFBF65NYV3sxkbvqNxAMUunLetkhWU618NSFb8vUC0w
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:49 GMT
etag: "2b19ca3439b94b7a398b56ea9b5afa49"
x-goog-generation: 1664729329406085
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7916
x-goog-hash: crc32c=D2nRgA==, md5=KxnKNDm5S3o5i1bqm1r6SQ==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KtTcBial9pV1p0nhFz8uSnK5Ewp7lwAUEI8j2vqnb%2FXs%2BDIMh9OHGw8UNyqQkOViZ1N4%2FbgQJP8tlBq9ddD5wT9CM9EMHlfwy3HTFwWA2OlnIYWnjMcE7vZacw0WOh04yd6YG3hq1MIHjrGJAeuyLNZ%2FLk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a431c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat.jpg

172.67.145.167

200 OK

1.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1340 bytes)
Hash
78fddcaf244f729ef63e328e049f2110
e6f80bbc3c7e2d1c23ddfb9ceaf73c359647ce0f
6ece261ffa4d54c68f8fc1b0441fe423a121d7f4bdfd72613e9187e310944ae1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1340
x-guploader-uploadid: ADPycdsvSG29qS8VF1gxN6bItqoM5f47NCX0IgQMVEdXWqs5IoCrsBnaIU9hKbtFCY4CP9Ke8oqQxMLGDVbT3d99pwI1Jg
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "78fddcaf244f729ef63e328e049f2110"
x-goog-generation: 1664729328150053
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1340
x-goog-hash: crc32c=bJkVcw==, md5=eP3cryRPcp72PjKOBJ8hEA==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z0ThjeYUSGEqdoh1swSAY4Caqz4NvycE693zUQak8ZuHYoBr7rA3fUySR1xc36tVFG3AjxcG%2FUQ3gDrh%2BWIpRDv%2BCYdGkHChLpbxYLXQUmH2NGQ7rUVViwJPW8sLFfns7SRgYKwqWvc7g76KRe1jpcGnPCA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a411c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_r.jpg

172.67.145.167

200 OK

807 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_r.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Size
807 B (807 bytes)
Hash
3c777668dafeeb70ccc712b2772d7bc5
c896b95b8de6a5773f805862b7eda76afdcee5bf
7fbbaed15a8beaf623f6eaab8c739875e3f90dd929e09a03bcdb2327e486c438

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_r.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 807
x-guploader-uploadid: ADPycdtBzwf84zez5-_Ep8Qw3BCfdWEcLO2SxIF1_AQ0a_Hqi86dRPanEIATg9Sfhu2A2uaOWnbuBLS_g2C4EVxzZvKK7g
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "3c777668dafeeb70ccc712b2772d7bc5"
x-goog-generation: 1664729328146977
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 807
x-goog-hash: crc32c=98kVEQ==, md5=PHd2aNr+63DMxxKydy17xQ==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNfCpGFfywsUa3Sv88PoByIrU4LYQB8n%2Bamq0feECL1RHnVwO23jURxMB6lfHKRrvX8DX1UYJxGsmqHe925Yxe%2F%2Bh9QnISe3lDCWsLNwopuPcDAj5o3ldb3lwPxxvxO5hHQS8DWZ1b64XXVVqd31qmzGPzI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a481c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_3.jpg

172.67.145.167

200 OK

1.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_3.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1265 bytes)
Hash
cdf43a51ae38685e65481ccdce3577e5
581a7ab85b933f840aa43b33c6f1b63252b4f0c6
6f56c67fa70da83eee1efc01fc4249d2dbe12787d9b1496cd568ebdaab17ff15

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_3.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1265
x-guploader-uploadid: ADPycduRlLpnoxclt6KUJphvV71my1TZnITnLJBWFR-BZmPnBPwI8l28WOMI-R8gMPNSmP4BB6YAyVckz813U1-XsQUOmQ
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "cdf43a51ae38685e65481ccdce3577e5"
x-goog-generation: 1664729328163479
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1265
x-goog-hash: crc32c=iatI5Q==, md5=zfQ6Ua44aF5lSBzNzjV35Q==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bhJ39JElFWMaTC3RGx7mu7dfGJ%2FAqq25S2bSGaqpnRydPobZpT652CLuhw3aMDk8YCjqgsnx5%2FhrxDueva%2FNsQKS%2BG1zLpucq4o3TZOIGQnzgM2s%2FNqVDeRpRe3r96iOoO5%2FBz1ylPimYqrawSiwPoeMfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a3a1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/logo.png

172.67.145.167

200 OK

22 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/logo.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 112, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (21993 bytes)
Hash
5174f0e365f25d1db538eb424cda65f1
64893ed4e3d3a40a89a04552137cc400bd3f0086
d28c8d82a8cd25f75e54a83d258fde5c00d2d13e783b0b49ece6adfc4be7104e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/logo.png HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/png
content-length: 21993
x-guploader-uploadid: ADPycdsWvB7X8tbeCLNIn2AvmGUxgF0SfzgR28iUYjYcvm1kSTMcnKrMPcwJ4HTmAclU8PDpiJQLa2H9uy8P4-Pq7U-dhg
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "5174f0e365f25d1db538eb424cda65f1"
x-goog-generation: 1664729328187281
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 21993
x-goog-hash: crc32c=f8SwIw==, md5=UXTw42XyXR21OOtCTNpl8Q==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DuJQfG5pI8fkxrGeGgWbTf4vARRVdd46wrbTEEdqgRm5V3r9%2Fwcx0DLJksus3wPSTLLLVSRa%2Fswjdp56QC0MTGJWDcHDIp0OoOsHU13xaG0ObosFoVKO623Cy3pIoeqxoDvkWqNz%2Be4oN5cRq7uKXbD1yg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a351c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/trophy.jpg

172.67.145.167

200 OK

11 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/trophy.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 276x276, components 3\012- data
Size
11 kB (10902 bytes)
Hash
8e4c1ba9f0874a6a954cf0049b97b99e
2f04b63303ab930d291b2b8efbf92e1c42128501
41fd835af982f40043cd15cea0c03c558e39f4db87c18349157f83a7e5443d76

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/trophy.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 10902
x-guploader-uploadid: ADPycdt29zDuf0UaOU3UAw_CXSbMfjY_b5VYYV9ikd46r5E2otxRhy60jBwIGDnz5-QKej2nEJSGWQHNYHxlwiyvYDGv5w
x-goog-generation: 1664729328149083
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10902
x-goog-hash: crc32c=lh8pTg==, md5=jkwbqfCHSmqVTPAEm5e5ng==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 11:40:10 GMT
cache-control: public, max-age=14400
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "8e4c1ba9f0874a6a954cf0049b97b99e"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJOr1bYhBUuqoeucnZquTdhhO%2FT2H8yLhmpBBvQS4UeZP1P5g4enLW7nT3A8qQwBuQl6ZMyVgI%2Fe7keiCr18Z%2BZljpPQHK%2FgsR%2Bn1HWTKfV5%2B7G%2F%2BLqLtXdBlB6LkOqFPwdTRIhfQ9Yl25EHVY%2FoZmWSBvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a371c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat2.jpg

172.67.145.167

200 OK

1.1 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat2.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.1 kB (1074 bytes)
Hash
3f485bf10773a10e38ddafe8c5a8b7d9
e0d0f5a89ae566ef2b31ce067cb212551a1b2f2a
40babb909cb2cf358b9ee157f2e4c3a562cc30c76f95a1c5305270d020391ce2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_cat2.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1074
x-guploader-uploadid: ADPycdsYvSOmV42sPN9r6PjpZBl4FhBh6aaOwLJ21SrL8YUpC2P97zaRp5VIJ85hmwHs88yzjkxF6p6kz2ATZD8ZBaVRpw
x-goog-generation: 1664729328150101
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1074
x-goog-hash: crc32c=0YMQoQ==, md5=P0hb8QdzoQ443a/oxai32Q==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 11:40:10 GMT
cache-control: public, max-age=14400
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "3f485bf10773a10e38ddafe8c5a8b7d9"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ub8vUr87NNUnlyRd%2BHlutImJxhl3rOkH6MHw6D6kvZ6pjjqOw435cgV%2F1uVJwP5usuJAVz3wNdSaysXPVRkbrRJgGTVsy%2BRw5eq8xVEWriRrFEvSId1W3l%2BUjEuqZEGBN7h8QOwWLtrwAHOReV6chCx1Ep8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a3b1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/script1.js

172.67.145.167

200 OK

4.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/script1.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
4.3 kB (4348 bytes)
Hash
c8a5862f16ecab28c2caf35aaea02b28
4824262641437a629d8bc0fb66adbfc5f8873b11
06b8ddbda4d9ed67ed2c84664117583d5d817fbf8603460d9293c2e6fee1c0b1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/script1.js HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/octet-stream
content-length: 4348
x-guploader-uploadid: ADPycdtkglcUsKEAHZEaSlAXPEDPLpNZpCUtbBvRyY-kZKz8kZDRtSVsdcCKyDwKGMSNcM88BOLKes7oA5VwqapcMtTB0g
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "c8a5862f16ecab28c2caf35aaea02b28"
x-goog-generation: 1664729328150738
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4348
x-goog-hash: crc32c=6BeIDw==, md5=yKWGLxbsqyjCyvNarqArKA==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r02zGRdzrb%2F4OM6chgor2h8XbwzFHUJ8NIxrs9aQ2J5c22weBt%2FZ5xPxuA0CSfMsfxy%2FE1cNTrpd2%2FDmwtTjG0WQ1TJ9R6p4NhJk0sMnI%2BdlM2FBEZ7pUPA4AjZu0V4dPgDy5h1db9oGvSjJehApPp4v6Aw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a321c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9764c875002c224f81bd966db2995460
dd384811c207f54188bd097e286b2880bfcbc28b
13d0f25b1d045a816fe13b56d04af6ae00a5e2862412c781e53e069c2d33a3a1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4743
Cache-Control: max-age=168340
Content-Type: application/ocsp-response
Date: Sun, 30 Oct 2022 10:40:10 GMT
Etag: "635e3097-1d7"
Expires: Tue, 01 Nov 2022 09:25:50 GMT
Last-Modified: Sun, 30 Oct 2022 08:06:47 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_s.jpg

172.67.145.167

200 OK

751 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_s.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Size
751 B (751 bytes)
Hash
e8c1454c15c6596bb21d99f4d907f632
60e15b6db64c05951cfdafafe7bf75309f8e8e3f
7125f531b9cdb3ef75f1b5b608b974f492794764638bfe482c4b4c5083acbcdb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_initial_s.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 751
x-guploader-uploadid: ADPycds-22AeURVClbU3nmvZyJMrA8oN-sgHnGLhKQoURrMIIPoRcEIQiIqWUCarWGLMm9xTCwYdjDG8lT6jU6CjLGoaNQ
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "e8c1454c15c6596bb21d99f4d907f632"
x-goog-generation: 1664729328160024
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 751
x-goog-hash: crc32c=xTtf5Q==, md5=6MFFTBXGWWuyHZn02Qf2Mg==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IlZFJlkJFC0o7UmHV4ZoHDFgKjl4%2Fd8MDCY5sArjV2yQigS1gnO8t3zue5KhJer1z7z6gnQN%2BOtXHNjxI0Yp3O5pUf%2Frio%2BoUHMfpWhoz22eUFTk8VYWvbZrwShXPp9rncsQLRMpZYVaU3w9KsrheIZE%2Bm0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a401c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/audio1.js

172.67.145.167

200 OK

349 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/audio1.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
349 B (349 bytes)
Hash
f18441557cc617ee1b3a0d8be7af32db
24db320f59da11c3c2e41ab24d02f4dad4083bae
a066ba39b39fcbd933227e93b5db6c992250c40324eff333c311aaecefa6bb78

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/audio1.js HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/octet-stream
content-length: 349
x-guploader-uploadid: ADPycdt0YpCst8FR5CW3gdcaurCnS2Ny_1ltd71jrysQfSAnp5zTHTKLqAeWn7vaqfBCh76CV8uXRazvEK7uFzE8A4T-0A
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "f18441557cc617ee1b3a0d8be7af32db"
x-goog-generation: 1664729328147975
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 349
x-goog-hash: crc32c=EfWotQ==, md5=8YRBVXzGF+4bOg2L568y2w==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAlNQhkfM2F%2BDynTnBLvgJQAiU4zktM6mq1DoDSqbJAuZg%2F%2BY1YYo%2BZs123h%2Fqze27WSWYK6d2dgTplaFP4aFpPBOoe664s4mOttbPRe3mAkLjHl7zKfECooeDWGoDKPmROSX7vmRTKd6abGwD1LMKRBu4w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a331c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/iphone.jpg

172.67.145.167

200 OK

6.3 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/iphone.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 155x116, components 3\012- data
Size
6.3 kB (6292 bytes)
Hash
f8cdc9ec2eb60ec7f6453154570f138d
7fd26674097945f0ddd1e8697a7e0a0d05a96d8f
55bd9f098315ba3094a6a7617ffa8daaa9aff99cf69e0eac5d281e8bd7dd11fd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/iphone.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 6292
x-guploader-uploadid: ADPycdvhnx3NiHUkW-Akb7oG7Mc_Em-wKSEHnH9ainfkaQqNv7hMURujkT2_ZgSkrb6ebPtsLXMKCppQr_kkfc7Wmtglaw
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "f8cdc9ec2eb60ec7f6453154570f138d"
x-goog-generation: 1664729328133965
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6292
x-goog-hash: crc32c=d5WWHQ==, md5=+M3J7C62Dsf2RTFUVw8TjQ==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6e3jhpZurpm5FlyUPqd7NApaI3lFvrInz33T5T0UaArCzqlEF2gci8Ioin1ltQ6FM%2BhchfTslB62JxNgqkZZdhCDHAOtEefjrZv%2BRUq5wAlpyly%2BSqzMZgJ1HtQHAcdCXo8IM%2B1Zno1pMCcbCDa8Ft%2FOBJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a451c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_1.jpg

172.67.145.167

200 OK

1.2 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_1.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1182 bytes)
Hash
309e0c6e696ab0d985dcac8a2043e5a3
e69adc2f0232d33accd670005f52e72431f5893b
a501e4ab792d9c068357fef9f2cd69ebaedce0dbb67f4f861696736dc41fbd4f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/winner_1.jpg HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/jpeg
content-length: 1182
x-guploader-uploadid: ADPycduJ20-4HTA_h3imyngzqouhcEM2Wiuvy54szhQXzVglu0E3cWC9dXen1WXEW8EbW9RBBc83KriJ439a0wzhEV9NXA
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "309e0c6e696ab0d985dcac8a2043e5a3"
x-goog-generation: 1664729328153605
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1182
x-goog-hash: crc32c=VL6e0A==, md5=MJ4MbmlqsNmF3KyKIEPlow==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Js%2FWNjiDISity96bq8BoPRyAnsnsyDAkWmZLgUllF54yc1ZkZSW%2FRt5AwF4OERIDfnFYnNjhxujc2yAL5LuQdZfOMZ%2FZsO6KG3XOA6j8wZlsL9rFqBp%2FsiFwAabnAs%2FmB4PxegFpq3ZlO7zv%2BKpFtIMlWDo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a381c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/user.png

172.67.145.167

200 OK

2.2 kB

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/user.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 96 x 96, 8-bit colormap, non-interlaced\012- data
Size
2.2 kB (2208 bytes)
Hash
54f5f2e7c2c3e4eddc04cfdd5360e68d
4cbbe8136fcee8d5ae78a207eff3a5c08dce46a8
7c4575354c41980db26473d56e60e1e4e43da1cff091af0819bdc05acfea442d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/user.png HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: image/png
content-length: 2208
x-guploader-uploadid: ADPycduXXskmaAc83Aj4Ud5YSlwFdgzs0I5LxXYhxvio7fIy9ePhdZfX_qTnTR-pAYQQgWYXTNOCg-HwxMuVu90HMOLsjmeyu0jY
cache-control: public, max-age=14400
expires: Sun, 30 Oct 2022 11:40:10 GMT
last-modified: Sun, 02 Oct 2022 16:48:48 GMT
etag: "54f5f2e7c2c3e4eddc04cfdd5360e68d"
x-goog-generation: 1664729328159569
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2208
x-goog-hash: crc32c=ddKJCA==, md5=VPXy58LD5O3cBM/dU2DmjQ==
x-goog-storage-class: REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EC6fP%2BDgBgq%2FSwyM9GDACpG%2FU9%2FhrQ2lX%2Brnzj7Jcuxk76ItiVcfI2%2FukVpHuzB0JEUQxf9ZqZSTjXjvTJiV4wV5bWEcZnpoU5ot51vnjTowpx%2F3aRdJiJacbiJtifkaUr5E%2BdxXq1CEfG0XrE6gU57CFfA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a361c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.237.51.86

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.237.51.86:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2CLN68LqPB/ruliXUicrog==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: b14lCr/D/XrAjFirwWuM+zAaXeI=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
10bb93a98239b802cfec26cfddeccc4d
c4f43ee05234b55bd797f96d1659b2411b44af75
be5d3d66888797f522e871f4cfccccadcf2e6a215e73a8b58d1fffc9945a69d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE5D3D66888797F522E871F4CFCCCCADCF2E6A215E73A8B58D1FFFC9945A69D3"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11687
Expires: Sun, 30 Oct 2022 13:54:59 GMT
Date: Sun, 30 Oct 2022 10:40:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
10bb93a98239b802cfec26cfddeccc4d
c4f43ee05234b55bd797f96d1659b2411b44af75
be5d3d66888797f522e871f4cfccccadcf2e6a215e73a8b58d1fffc9945a69d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE5D3D66888797F522E871F4CFCCCCADCF2E6A215E73A8B58D1FFFC9945A69D3"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11687
Expires: Sun, 30 Oct 2022 13:54:59 GMT
Date: Sun, 30 Oct 2022 10:40:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
10bb93a98239b802cfec26cfddeccc4d
c4f43ee05234b55bd797f96d1659b2411b44af75
be5d3d66888797f522e871f4cfccccadcf2e6a215e73a8b58d1fffc9945a69d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE5D3D66888797F522E871F4CFCCCCADCF2E6A215E73A8B58D1FFFC9945A69D3"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11687
Expires: Sun, 30 Oct 2022 13:54:59 GMT
Date: Sun, 30 Oct 2022 10:40:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
10bb93a98239b802cfec26cfddeccc4d
c4f43ee05234b55bd797f96d1659b2411b44af75
be5d3d66888797f522e871f4cfccccadcf2e6a215e73a8b58d1fffc9945a69d3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE5D3D66888797F522E871F4CFCCCCADCF2E6A215E73A8B58D1FFFC9945A69D3"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11687
Expires: Sun, 30 Oct 2022 13:54:59 GMT
Date: Sun, 30 Oct 2022 10:40:12 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2dbe3786-c660-4094-863e-c9a825039886.jpeg

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2dbe3786-c660-4094-863e-c9a825039886.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7399 bytes)
Hash
0c6fc18e90fdc40f230b1a5d3c39012e
e9ffd2135ccaa7f5a43cdb4cc6a4141c5e6cde68
a6e604757ce85505fe9752dae525e8ce225bd5939a1ee85141051cee56d50cc1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2dbe3786-c660-4094-863e-c9a825039886.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7399
x-amzn-requestid: 7d50f817-e1b1-409f-bd6e-379bdf6e66f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ayWR3EgCoAMFqTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635d9da5-37041eb3647be5772487941b;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 21:39:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Jkr1mCfHMu-iFKDO_YstRDqUikbJuQS4OEWq6a0FJSXc40nqCDy_CA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 21:47:53 GMT
age: 46339
etag: "e9ffd2135ccaa7f5a43cdb4cc6a4141c5e6cde68"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09483ec7-425b-46d9-83ba-7a1eec83ffa7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11612 bytes)
Hash
d2c3d66f884108631944e3c3fb4c3656
7ee980a232f0cb09c52d8210e0fe2bdbfc61afec
e5920d86c7d7cfae0b51ff7f7dcd3424ef1c387ad5d920ed122443df8a1b872a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09483ec7-425b-46d9-83ba-7a1eec83ffa7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11612
x-amzn-requestid: 580b4255-ed27-470e-a332-1a1f87162938
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ayV2QHPMIAMF9Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635d9cf4-29e90a7c5a3362547bcfffd5;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 21:36:52 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oftWi38n7q7SuEl3MtEwD2dQ5Vc6d0F3RseaUYQdTHnm80JFeYhhrg==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 22:15:52 GMT
age: 44660
etag: "7ee980a232f0cb09c52d8210e0fe2bdbfc61afec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79049f5d-175e-4d0f-94ea-6d5a1fcadca0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9460 bytes)
Hash
fb1110221ffc54766308cbf62f94cd9f
926f36919d5875592200b78d286edcb4c3ba884c
8344d57bc8358da2a5911c62a344a3dcf819ce44dac0da0624c73ab40ac1ef44

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79049f5d-175e-4d0f-94ea-6d5a1fcadca0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9460
x-amzn-requestid: bba12ac1-b0d8-46f7-b218-9e2b85c0c650
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aPYZ7GU5oAMF_hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634fa10c-3e2bab543800bfa84c231cf1;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 07:02:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MG0t11rp-RYiUJRFIrNvDOxuZqjVWGy7Pu4t4ERfH9eKA0v7Z6zknA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 23:23:50 GMT
age: 40582
etag: "926f36919d5875592200b78d286edcb4c3ba884c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b59021c-e4a3-4226-8666-11a368e3991c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5168 bytes)
Hash
625f12776f86a1abe47242055a954df7
3a987bb297d6b02cae3de5f4da6fc044b701d35a
6f3f3f42c7e0838fca904788eb61bdd83e357f09641afd49464d730344b38e89

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b59021c-e4a3-4226-8666-11a368e3991c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5168
x-amzn-requestid: 8a38fa3d-b5b5-4ed6-a477-fc37480c826d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ayV34GlhIAMF0mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635d9cff-002a895c371f1db13f05071c;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eZK3CQnAaQDARHCyy1CHgpi-jyTJ1Lu2XexoVYlPQwvB9VC1_OMqig==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 21:37:16 GMT
age: 46976
etag: "3a987bb297d6b02cae3de5f4da6fc044b701d35a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca9b1449-9118-4f7b-8444-7c8d22164616.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10683 bytes)
Hash
6138c205ed582180977c00ae3231e5dd
76e15ea81dc440923032e72c3a8601124d895712
f5e7c84c06192e19ff0d5743031a770f79e89a7b41903ef37dab1bafb3978ac6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca9b1449-9118-4f7b-8444-7c8d22164616.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10683
x-amzn-requestid: e8e77d09-5ea6-4ac8-8327-d18c78168383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ayV3aGtsoAMFa-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635d9cfc-3af1e39158fbc9dd3b1f3cf9;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LQcGQaZ_pYAr1ZAcFoBGWBe6HznR6pzTcRLS56bxA4hcbRgEhme00A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 21:48:29 GMT
age: 46303
etag: "76e15ea81dc440923032e72c3a8601124d895712"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62536f42-fe8b-43e8-b86c-7ba6e78c7317.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11117 bytes)
Hash
14865d370280b14d629c0fb398917860
70445ea4b83456064d60323aad563e8c134d83cc
15533e8170f7fa7d9b26b20b3c1b728070617c9eb839d64545fa9b198dea6f02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62536f42-fe8b-43e8-b86c-7ba6e78c7317.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11117
x-amzn-requestid: 85355003-aaf7-4698-a3d2-c311c200bca0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ayV2OFhEoAMFw5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635d9cf4-6e467b7c2cb39637327ea20c;Sampled=0
x-amzn-remapped-date: Sat, 29 Oct 2022 21:36:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TbUpGP9JArE3dOzS_TPYrmzFo2zGqlPicZhgXQpqq9N-m4PHRpbjpw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 22:05:49 GMT
age: 45263
etag: "70445ea4b83456064d60323aad563e8c134d83cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/_style.css

172.67.145.167

403 Forbidden

0 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/_style.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_okeyword/amazon%C2%A31000/_style.css HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/xml; charset=UTF-8
x-guploader-uploadid: ADPycdtTi3iG4j147jDIChKMmLBCRLcru36qIT2Qc6NxT0805_FAzDXj2wA0nmZDGv7_9u95qy7iMVLtWTVFNdMEOa3pbBXiQb7J
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 10:40:10 GMT
cache-control: private, max-age=0
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7zWjT7rO5tH4HcBjb4%2FOo3HBNw70FbAFka3rJtYo%2B2bTDjjPygBM%2BddUhjF871gRfgKk8tZk7z5gFXJPlV9Zv4ZaXi5erLTjT9e1RXuJxho7SW56HMaRJ7KAIgsxJX4eFhQ9oZh4hdkPLq%2BLIfhu5sy%2FQg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a4c1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/_style.css

172.67.145.167

403 Forbidden

0 B

URL HTTP/2
cdn.protectfreefasteffective.rest/bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/_style.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bundles/837dfd7b-6981-4f7a-9791-90f1fd7eb574/static/r_brand/google/_style.css HTTP/1.1
Host: cdn.protectfreefasteffective.rest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.protectfreefasteffective.rest/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
date: Sun, 30 Oct 2022 10:40:10 GMT
content-type: application/xml; charset=UTF-8
x-guploader-uploadid: ADPycdvjWyO1mMUBltVXKBoQJWTX9P-URA0WLEOuBoP6-d3-_W4yWP9hzC1IORh4A-oPUQl8X7eYp0A042-nKR5uyZRjkJJwvjgs
access-control-allow-origin: *
access-control-expose-headers: Content-Type
expires: Sun, 30 Oct 2022 10:40:10 GMT
cache-control: private, max-age=0
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yq8XLPfAK9QxOPuWjTtLitWW1hN2NeX284MtRCOauRqseTSBmNQlyrSwcm2ms1H4dwDZiXJAZIV4j9M5KCAZfdnoJOGEmEv7ooqpEPZITyC7ZG7IAcDkUXf6%2FJ06l%2F5ti0DWa8N%2FBrVJv4%2BNHQmtRrpHpLw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 762387ff3a4b1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (47)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP