bm.paidcpftraining.com/go/fdde7e00-6861-4791-bf43-0dbfe741d684?bid=[bid]&clickid=[clickid]&subid=[subid]&zoneid=[zoneid]&campaignid=[campaignid]&creativeid=[creativeid]&subscriptionage=[subscriptionage]&country=[country]&os=[os]&browser=[browser]&carrier=[carrier]
3.70.16.242200 OK 520 B URL HTTP/1.1 bm.paidcpftraining.com/go/fdde7e00-6861-4791-bf43-0dbfe741d684?bid=[bid]&clickid=[clickid]&subid=[subid]&zoneid=[zoneid]&campaignid=[campaignid]&creativeid=[creativeid]&subscriptionage=[subscriptionage]&country=[country]&os=[os]&browser=[browser]&carrier=[carrier]
IP 3.70.16.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (833), with no line terminators
Hash 354793fb09f306fca35947cdc1cf4541
b76be93b8a7ad207c7a5b1521dd394f844c5c03b
5d406ca89000076db78d1535a8116f43ab3fa6da13011010a9dc51acfaacfca7
GET /go/fdde7e00-6861-4791-bf43-0dbfe741d684?bid=[bid]&clickid=[clickid]&subid=[subid]&zoneid=[zoneid]&campaignid=[campaignid]&creativeid=[creativeid]&subscriptionage=[subscriptionage]&country=[country]&os=[os]&browser=[browser]&carrier=[carrier] HTTP/1.1
Host: bm.paidcpftraining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 09 Feb 2023 06:21:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
ETag: W/"341-F/0PGbFuqF0uYA6Mbs8bkyfZM8w"
Set-Cookie: bemob-uniq-visit:fdde7e00-6861-4791-bf43-0dbfe741d684=1; Domain=bm.paidcpftraining.com; Path=/; Expires=Fri, 10 Feb 2023 06:21:24 GMT; HttpOnly
bemob-rotation:fdde7e00-6861-4791-bf43-0dbfe741d684:random:3e18516c50d90ed4c8de6c9e13f455a7=0-0-1; Domain=bm.paidcpftraining.com; Path=/; Expires=Fri, 10 Feb 2023 06:21:24 GMT; HttpOnly
bemob-track-url=https%3A%2F%2Fwin.dll-software-update.shop%2Fmc%2Findex_27debox25a.html%3Fkey%3DeyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ%253D%253D%26bemobdata%3Dc%253Dfdde7e00-6861-4791-bf43-0dbfe741d684..l%253D5c4552e9-5f19-421b-80f8-afaa41d1f830..f%253Def1f50e3-d50c-46de-8b50-9191a9788215..a%253D0..b%253D0..e%253D%25255Bclickid%25255D..c1%253D%25255Bsubid%25255D..c2%253D%25255Bzoneid%25255D..c3%253D%25255Bcampaignid%25255D..c4%253D%25255Bcreativeid%25255D..c5%253D%25255Bsubscriptionage%25255D..c6%253D%25255Bcountry%25255D..c7%253D%25255Bos%25255D..c8%253D%25255Bbrowser%25255D..c9%253D%25255Bcarrier%25255D; Domain=bm.paidcpftraining.com; Path=/; Expires=Fri, 10 Feb 2023 06:21:24 GMT; HttpOnly
X-Response-Time: 17.708ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7720
Expires: Thu, 09 Feb 2023 08:30:05 GMT
Date: Thu, 09 Feb 2023 06:21:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2436
Expires: Thu, 09 Feb 2023 07:02:01 GMT
Date: Thu, 09 Feb 2023 06:21:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 05:34:15 GMT
content-type: application/json
age: 2830
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4342
Expires: Thu, 09 Feb 2023 07:33:47 GMT
Date: Thu, 09 Feb 2023 06:21:25 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 06:21:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VZhMC85di197mzSO45H1u43urGNzcjjgHhZJJFQ/jMHi9Jk4iLvMzIA8JGCKtuco+7LNVum32rs=
x-amz-request-id: MF74ZJ0A9JPPE50W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 05:36:14 GMT
age: 2711
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 51e276d389d811fc9e1c830b5ba1b046
1e96104541adf65a927a57f6949aeac81ad27834
e97a19e5524af31bc2a838953a6227fabce8ced2c7ecea7192c4027e697430d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E97A19E5524AF31BC2A838953A6227FABCE8CED2C7ECEA7192C4027E697430D0"
Last-Modified: Tue, 07 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20379
Expires: Thu, 09 Feb 2023 12:01:04 GMT
Date: Thu, 09 Feb 2023 06:21:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 06:14:53 GMT
age: 392
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8775
Expires: Thu, 09 Feb 2023 08:47:40 GMT
Date: Thu, 09 Feb 2023 06:21:25 GMT
Connection: keep-alive
ocsp.r2m02.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash 0a66ddb373534538b68cba975ede0559
aa4d7ca94531f95ec29b7a08fd8336e2c290eb04
d8dc6282326c39f02173d8660020593f4356c13089bdd13a1891d47148aedb2a
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=118660
Date: Thu, 09 Feb 2023 06:21:26 GMT
Etag: "63e3bd6a-1d7"
Expires: Fri, 10 Feb 2023 15:19:06 GMT
Last-Modified: Wed, 08 Feb 2023 15:19:06 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q6D6rIUEbhJbJUmlqKXhd9QkDQ2YHtkrb29yJgxh8kFdCiUIYSAgyg==
win.dll-software-update.shop/mc/alert.png
54.230.111.46200 OK 12 kB URL HTTP/2 win.dll-software-update.shop/mc/alert.png
IP 54.230.111.46:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ed5d207c8f6df7fb44949bf59b0d9aa
eceedbe21385b2063304eeb091b327f059102a4a
5a54ff1f189090954bc51ef197b0c3615cda8a5473466253db5acdf4451f1878
Analyzer Verdict Alert quad9 Sinkholed
GET /mc/alert.png HTTP/1.1
Host: win.dll-software-update.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 11951
date: Wed, 08 Feb 2023 07:00:31 GMT
last-modified: Wed, 01 Feb 2023 18:38:34 GMT
etag: "0ed5d207c8f6df7fb44949bf59b0d9aa"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bujotur92B1mm1Z6EcS2DdJZfSlm7Ka7CIHcYvgRSPdvv0YdLmHp1Q==
age: 84056
X-Firefox-Spdy: h2
win.dll-software-update.shop/mc/backfix.min.js.download
54.230.111.46200 OK 70 B URL HTTP/2 win.dll-software-update.shop/mc/backfix.min.js.download
IP 54.230.111.46:0
File type HTML document, ASCII text, with no line terminators
Hash cb75a4a5436bc5f23fd500aed9ab3ad4
270ba1020384007ebcd50e4985b6a3bbe63f194b
cd08cc3cd7dbd890951754b1e187e2fbe4d68d6a77b2618eb00740a8281c9b56
Analyzer Verdict Alert quad9 Sinkholed
GET /mc/backfix.min.js.download HTTP/1.1
Host: win.dll-software-update.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 70
last-modified: Wed, 01 Feb 2023 18:38:37 GMT
server: AmazonS3
date: Wed, 08 Feb 2023 13:45:38 GMT
etag: "cb75a4a5436bc5f23fd500aed9ab3ad4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MZfmNRbp7E2GGw0n6Hrjn150v9yQflHL0l5l7yi_E58S1Lgr3bbllQ==
age: 59749
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6507
Cache-Control: max-age=143525
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 06:21:26 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 22:13:31 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
cl.paidcpftraining.com/?redirectUrl=https%3A%2F%2Fwin.dll-software-update.shop%2Fmc%2Findex_27debox25a.html%3Fkey%3DeyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ%253D%253D%26bemobdata%3Dc%253Dfdde7e00-6861-4791-bf43-0dbfe741d684..l%253D5c4552e9-5f19-421b-80f8-afaa41d1f830..f%253Def1f50e3-d50c-46de-8b50-9191a9788215..a%253D0..b%253D0..e%253D%25255Bclickid%25255D..c1%253D%25255Bsubid%25255D..c2%253D%25255Bzoneid%25255D..c3%253D%25255Bcampaignid%25255D..c4%253D%25255Bcreativeid%25255D..c5%253D%25255Bsubscriptionage%25255D..c6%253D%25255Bcountry%25255D..c7%253D%25255Bos%25255D..c8%253D%25255Bbrowser%25255D..c9%253D%25255Bcarrier%25255D
3.70.16.242200 OK 465 B URL HTTP/2 cl.paidcpftraining.com/?redirectUrl=https%3A%2F%2Fwin.dll-software-update.shop%2Fmc%2Findex_27debox25a.html%3Fkey%3DeyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ%253D%253D%26bemobdata%3Dc%253Dfdde7e00-6861-4791-bf43-0dbfe741d684..l%253D5c4552e9-5f19-421b-80f8-afaa41d1f830..f%253Def1f50e3-d50c-46de-8b50-9191a9788215..a%253D0..b%253D0..e%253D%25255Bclickid%25255D..c1%253D%25255Bsubid%25255D..c2%253D%25255Bzoneid%25255D..c3%253D%25255Bcampaignid%25255D..c4%253D%25255Bcreativeid%25255D..c5%253D%25255Bsubscriptionage%25255D..c6%253D%25255Bcountry%25255D..c7%253D%25255Bos%25255D..c8%253D%25255Bbrowser%25255D..c9%253D%25255Bcarrier%25255D
IP 3.70.16.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (622), with no line terminators
Hash 4ce9ced3f0e89d5c1362fb32b0c093f1
91e95a9f2c4b0fce311cd5943cab02f649aab506
2be79be6821a066ce138f1d09034d73f32a609772893589a69e410ea167beade
GET /?redirectUrl=https%3A%2F%2Fwin.dll-software-update.shop%2Fmc%2Findex_27debox25a.html%3Fkey%3DeyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ%253D%253D%26bemobdata%3Dc%253Dfdde7e00-6861-4791-bf43-0dbfe741d684..l%253D5c4552e9-5f19-421b-80f8-afaa41d1f830..f%253Def1f50e3-d50c-46de-8b50-9191a9788215..a%253D0..b%253D0..e%253D%25255Bclickid%25255D..c1%253D%25255Bsubid%25255D..c2%253D%25255Bzoneid%25255D..c3%253D%25255Bcampaignid%25255D..c4%253D%25255Bcreativeid%25255D..c5%253D%25255Bsubscriptionage%25255D..c6%253D%25255Bcountry%25255D..c7%253D%25255Bos%25255D..c8%253D%25255Bbrowser%25255D..c9%253D%25255Bcarrier%25255D HTTP/1.1
Host: cl.paidcpftraining.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Thu, 09 Feb 2023 06:21:25 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
access-control-allow-origin: *
etag: W/"26e-YX7I2WP5uc3dxb1lVF/sbh/8BtQ"
x-response-time: 3.055ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js
104.17.25.14200 OK 14 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32008)
Hash f037fecc7f406e0b114bbc11c1518ca6
0adf995c5a242e82fd8368cd8183c95f2b8821a2
d67b687aaab490f49910a9a8c531a4c56172923aadeefc4611013b7eecaacdde
GET /ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 06:21:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 13696
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-bb47"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 18061137
expires: Tue, 30 Jan 2024 06:21:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F5qeJXwS6l9M2JtdoThrZjCrorqvd5hccQ%2BXGRytVPSbsRgEnTaPLG21qoU8qzniV3MKmndvSwuOq%2BQlyF4yx5bBnaB%2BwuSjYPkUDncoyZRYCycdsSOa0Kv1w8cS8DFgMTkkObbK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 796a813f8ad9b4e8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6507
Cache-Control: max-age=143525
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 06:21:26 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 22:13:31 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
win.dll-software-update.shop/favicon.ico
54.230.111.46404 Not Found 346 B URL HTTP/2 win.dll-software-update.shop/favicon.ico
IP 54.230.111.46:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 5bd39346643c93af6d2a874555f77bba
0362bb516dec2066bbd10960acc7b3fa75bcb563
a2d1088586285889e47d14d162f53463db685055660f950030707554eb014b84
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: win.dll-software-update.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
content-length: 346
date: Thu, 09 Feb 2023 06:21:26 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VeNN7JrFlhB57wnGyQSS-4FjxlsXBco7A98TNySH953SFvxocttI2Q==
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Thu, 09 Feb 2023 09:27:38 GMT
Date: Thu, 09 Feb 2023 06:21:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Thu, 09 Feb 2023 09:27:38 GMT
Date: Thu, 09 Feb 2023 06:21:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Thu, 09 Feb 2023 09:27:38 GMT
Date: Thu, 09 Feb 2023 06:21:27 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Thu, 09 Feb 2023 09:27:38 GMT
Date: Thu, 09 Feb 2023 06:21:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c45da743665658afcfbf2309e1594b
04d025452dcec571f3eb6068499290d86e0c4c30
3ddfcf83ea18ba20700364c7095750a142a15575c988ba5688ed2f4dbbba4ee8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3509a9bb-f5d1-4723-96d3-e2a87a28bbf4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6471
x-amzn-requestid: ab4c8119-a2f0-4b3d-bbed-b34c5a0a7a30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGaGsjoAMFmZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f5-7298e0530bee8f997b552e6e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qxzdVgRauaFA1GnS6m2WJr7zkXVIpFUNZN0r_mdAQvkDu4nzYanjzQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:41 GMT
age: 29446
etag: "04d025452dcec571f3eb6068499290d86e0c4c30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
34.120.237.76200 OK 3.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28ae39b238f62d6c0aee7bb16ff863d5
3c2247e40747c3ca72dd7877facee9a9fecf0f59
c530ba92455ea45e14410f497d2df04cc1321e2937cc7e81aa75f4fc14206a7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3014
x-amzn-requestid: bec40915-584b-48fc-94c2-293e96567474
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKGrGoAMFelg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-2250ff00772341353151dd34;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmJxNCnPKUD5O4HCWIjqeVaanXL50KZ60Xu1iOC6bisRBDJNkVXvww==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
etag: "3c2247e40747c3ca72dd7877facee9a9fecf0f59"
content-type: image/jpeg
age: 31129
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c1f5626e7ff7e681468c3c5820f3633
a8bb267f929b734a53b3dab0283c717270f6eb43
38d81274cc9f71f149091f72494c74872d99909c69d612a595c930c4755c4da3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4930c104-0ac3-49ae-9506-13702874f821.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 1b0f88cf-460b-4ed2-8235-86c9e3e3ff93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffW2uG3LIAMF3cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d604f7-42e5c38315bdbd47615985b6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 05:32:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nfLYmz3SEBzBp32-FDPDF-rqh4-pAjLixYD4abVqF5fl3awttBNRUA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:47:56 GMT
age: 27211
etag: "a8bb267f929b734a53b3dab0283c717270f6eb43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
win.dll-software-update.shop/mc/index_27debox25a.html?key=eyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ==&bemobdata=c=fdde7e00-6861-4791-bf43-0dbfe741d684..l=5c4552e9-5f19-421b-80f8-afaa41d1f830..f=ef1f50e3-d50c-46de-8b50-9191a9788215..a=0..b=0..e=%5Bclickid%5D..c1=%5Bsubid%5D..c2=%5Bzoneid%5D..c3=%5Bcampaignid%5D..c4=%5Bcreativeid%5D..c5=%5Bsubscriptionage%5D..c6=%5Bcountry%5D..c7=%5Bos%5D..c8=%5Bbrowser%5D..c9=%5Bcarrier%5D
54.230.111.46200 OK 18 kB URL HTTP/2 win.dll-software-update.shop/mc/index_27debox25a.html?key=eyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ==&bemobdata=c=fdde7e00-6861-4791-bf43-0dbfe741d684..l=5c4552e9-5f19-421b-80f8-afaa41d1f830..f=ef1f50e3-d50c-46de-8b50-9191a9788215..a=0..b=0..e=%5Bclickid%5D..c1=%5Bsubid%5D..c2=%5Bzoneid%5D..c3=%5Bcampaignid%5D..c4=%5Bcreativeid%5D..c5=%5Bsubscriptionage%5D..c6=%5Bcountry%5D..c7=%5Bos%5D..c8=%5Bbrowser%5D..c9=%5Bcarrier%5D
IP 54.230.111.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (366)
Hash 0eec099e619c490e1d429cbc2c839045
1000aba6a8841c4569cf025fba4b5c13c673fb1c
1d85622b285dc03ad8bab94ccb9dc388691985e8ee26cbec8b182e54672145c6
Analyzer Verdict Alert quad9 Sinkholed
GET /mc/index_27debox25a.html?key=eyJ0aW1lc3RhbXAiOiIxNjc1OTIzNjg0IiwiaGFzaCI6IjVhNGJkMTEyYTU2YmFjMjViNzc1MTJjZjQ5ODg1ZjNiMTdkOGU2NTIifQ==&bemobdata=c=fdde7e00-6861-4791-bf43-0dbfe741d684..l=5c4552e9-5f19-421b-80f8-afaa41d1f830..f=ef1f50e3-d50c-46de-8b50-9191a9788215..a=0..b=0..e=%5Bclickid%5D..c1=%5Bsubid%5D..c2=%5Bzoneid%5D..c3=%5Bcampaignid%5D..c4=%5Bcreativeid%5D..c5=%5Bsubscriptionage%5D..c6=%5Bcountry%5D..c7=%5Bos%5D..c8=%5Bbrowser%5D..c9=%5Bcarrier%5D HTTP/1.1
Host: win.dll-software-update.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 01 Feb 2023 18:38:49 GMT
server: AmazonS3
content-encoding: br
date: Wed, 08 Feb 2023 06:47:28 GMT
etag: W/"c17f696b1b8fae549251e859a78f4b00"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: frKk52gKBj8ZtSjJpezwYYdY6UDU_7-FYjkyIejuBnVuHRdf-dfBEw==
age: 84839
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: c3dabd4b-797b-4bbe-8824-5f502ff477b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2aG-IoAMFfnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf5-68de905b2ed5bfe46a87e688;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AX-TsURes3Bn0RrAnH7TnsouJdkcOpbq7f7KAzPMWq4RMBH8FWMz7g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 17:45:22 GMT
age: 45365
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HB03bmBiXVTrYbU01OssMQ_EbKhhFPhoUa-qcze2ZgD9Hr48Q8mEbQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:23 GMT
age: 29164
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2