Report - dlnl.newrequireddefence.site/c/a4510ff39c33bdb3?clickid={click_uuid}&bid={bid_cpc}&s1={s1}&s3={s3}&s4={subscriber_age_days}&s5={subid_uuid}&s6={zone_uid}&s7={platform_name}&s8={campaign_id}&s9={click

Report Overview

URL

dlnl.newrequireddefence.site/c/a4510ff39c33bdb3?clickid={click_uuid}&bid={bid_cpc}&s1={s1}&s3={s3}&s4={subscriber_age_days}&s5={subid_uuid}&s6={zone_uid}&s7={platform_name}&s8={campaign_id}&s9={click_uuid}&sub1={sub1}
IP

52.51.27.131

ASN

#16509 AMAZON-02
Submitted

2023-02-28T10:00:47Z

Access
Tags

fake_software fraud
urlquery detections

Fraud - Fake AntiVirus / Security software

Detections

urlquery

13
Network Intrusion Detection

0
Threat Detection Systems

3

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
dlnl.newrequireddefence.site (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	548	3511	52.51.27.131
cdn-adef.akamaized.net (35)	125719	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15086	435932	95.101.10.67
www.gstatic.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	493	5110	216.58.211.3
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7090	23.36.76.226
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5894	34.160.144.191
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	34.218.164.174
translate.googleapis.com (1)	1005	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	499	76025	142.250.74.138
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
cdn.stfilecamp.com (3)	400667	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1170	41349	205.185.216.42
cdnjs.claudflare.io (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416	92269	206.189.196.86
route.frest.pro (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485	772	172.67.211.109
ocsp.digicert.com (1)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341	473	93.184.220.29
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	49669	34.120.237.76
translate.google.com (1)	1156	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	420	691	142.250.74.110
stormtrk.com (1)	289095	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	750	703	104.26.5.120
ocsp.pki.goog (8)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2772	5624	216.58.211.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-28	medium	cdn.stfilecamp.com/stormtrk.js	Phishing
2023-02-28	medium	cdn.stfilecamp.com/fp.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-28	medium	claudflare.io	Sinkholed

ThreatFox

No alerts detected

HTTP Transactions (73)

URL IP Response Size

dlnl.newrequireddefence.site/c/a4510ff39c33bdb3?clickid={click_uuid}&bid={bid_cpc}&s1={s1}&s3={s3}&s4={subscriber_age_days}&s5={subid_uuid}&s6={zone_uid}&s7={platform_name}&s8={campaign_id}&s9={click_uuid}&sub1={sub1}

52.51.27.131

200 OK

3029

URL HTTP/1.1

dlnl.newrequireddefence.site/c/a4510ff39c33bdb3?clickid={click_uuid}&bid={bid_cpc}&s1={s1}&s3={s3}&s4={subscriber_age_days}&s5={subid_uuid}&s6={zone_uid}&s7={platform_name}&s8={campaign_id}&s9={click_uuid}&sub1={sub1}
IP

52.51.27.131:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20195)

Size

3029
Hash

1a44178cf5f3dedb18c616adb9b82043

a6c2b6adafb978e4c7d8b3451f03ab449d1b65cc

2d8de8fdef363dc05531309e31c389ceb75b61fba4a8e0066bdaccf34f6ca298

HTTP Headers

                                        GET /c/a4510ff39c33bdb3?clickid={click_uuid}&bid={bid_cpc}&s1={s1}&s3={s3}&s4={subscriber_age_days}&s5={subid_uuid}&s6={zone_uid}&s7={platform_name}&s8={campaign_id}&s9={click_uuid}&sub1={sub1} HTTP/1.1
Host: dlnl.newrequireddefence.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: unique_id=63fdd0c4000548a9; Path=/; Expires=Sat, 29 Apr 2023 10:00:36 GMT
unique_id2=63fdd0c4000550eb; Path=/; Expires=Mon, 29 May 2023 10:00:36 GMT
impression=; Path=/; Expires=Tue, 28 Feb 2023 10:00:36 GMT
63fdd0c4000550eb_sl=[269163]; Path=/; Expires=Tue, 14 Mar 2023 10:00:36 GMT
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b44b6d7bebf34d0393567b22a63a93fa

a1a85b268bc8073d8e4622ceb78b78a1b39af96a

4b69973af6e9c5a78d94e8661b08d9349176a515e7bfb3386b10ace4c6f1ae21

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B69973AF6E9C5A78D94E8661B08D9349176A515E7BFB3386B10ACE4C6F1AE21"
Last-Modified: Tue, 28 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14185
Expires: Tue, 28 Feb 2023 13:57:01 GMT
Date: Tue, 28 Feb 2023 10:00:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

fa03c1ea82feaa081cf4094641ce1152

5c62e5281662a4010eb4cb45f3bd4bacae1c9153

7b72ac559134398cedcb17bbca3ea3e5467a05a7da769ee2f83f4f762af62918

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B72AC559134398CEDCB17BBCA3EA3E5467A05A7DA769EE2F83F4F762AF62918"
Last-Modified: Mon, 27 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16130
Expires: Tue, 28 Feb 2023 14:29:26 GMT
Date: Tue, 28 Feb 2023 10:00:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

4ad6984a756720fbfff47b37a75513a2

355e35258114452af8b9638985ed9d8ef3bf0aca

43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 28 Feb 2023 09:12:45 GMT
content-type: application/json
age: 2871
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1fc53096a9ed90534f34db55765fe755

00462323483a73d48261b8e8a0981bec58ef832a

bcfb9a09fd0882661e1eddc5bde947142897dfe816d535ed2cbfb1aa34823bd7

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCFB9A09FD0882661E1EDDC5BDE947142897DFE816D535ED2CBFB1AA34823BD7"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7669
Expires: Tue, 28 Feb 2023 12:08:25 GMT
Date: Tue, 28 Feb 2023 10:00:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

b5ba6334e73496995e3e3a9ecd0eb323

ad80d3b7718c28364e8c2004fb38a13a1747e462

aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: GOZKO+D7m/sxfwwC6DzOtTWhX7dSQLjSjmBb0p2AI3dpBfoJAK+ScgLEGbfCURpD8gUsN4CaYdxhCtrI3bvyjw==
x-amz-request-id: CEP55HSZDTBEPS1K
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 28 Feb 2023 09:14:30 GMT
age: 2766
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 28 Feb 2023 10:00:36 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/269163/1672139499/js/js.cockie.min.js?1672139499

95.101.10.67

200 OK

826

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/js.cockie.min.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text, with very long lines (1619), with no line terminators

Size

826
Hash

80f159394b22e099038b584495222009

49a38d579533fb963f8f0f94687b40f65713b8dd

2d1575e9baafcb2f70a5d4ff82e829c3722535c3b9921c0d1baf5b54a384b109

HTTP Headers

                                        GET /landings/269163/1672139499/js/js.cockie.min.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: cCDo4f6FLKymtSZNbC/QVIccZi4HQ0ZWiN7YXNsNMXCLco/TkvnnP2bjBWF4f995sH+MEzhBLYU=
x-amz-request-id: KA9TJ4F1E9EHQ5W6
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "aeb03440821eecd362780d1d1f8f4751"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Length: 826
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/css/style.css?1672139499

95.101.10.67

200 OK

2856

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/css/style.css?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

2856
Hash

9e6e17753fd08ccffdaab4bc97d7af50

f4a6f23df54e760b305134eb5587ccd0b0c6ad49

01f65c67d47ef19588c9c3e19fc6e2e123ff3f0e2f1cfdf9ad61a655efe23cf8

HTTP Headers

                                        GET /landings/269163/1672139499/css/style.css?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: p3RYYPyj5mCQTvtqzECfJe4yeU6LfPxkfxYcSd+aYzL9J2LLUM+GhCIiybZH4HAIh6hkRbEkp/U=
x-amz-request-id: 1G8T852E10VJTM4T
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "790ea33cbfafd3311bd7083f70a179c6"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Length: 2856
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/css/translate.css?1672139499

95.101.10.67

200 OK

655

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/css/translate.css?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

655
Hash

64836db20736f1e7995b43489b4bf0ac

a0db33db05acb39dd01d9f19f5eed634682b0ead

d4d21bac4b13cac53c0b921c3aa69d1e010a32ad3ccb7498821aa6e763e71c87

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/css/translate.css?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: m1koesbOjM1FnwtssaFj8KRRXHu4ZQb2oDwztpp80NRYTI6ZHi5QzvvM0Jjq6VHC73tayEY+6kPbTBiXBUZJLg==
x-amz-request-id: PVVTXWYMF2Y8EK4J
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "64836db20736f1e7995b43489b4bf0ac"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 655
Date: Tue, 28 Feb 2023 10:00:36 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/js/translete.js?1672139499

95.101.10.67

200 OK

559

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/translete.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

559
Hash

7a2813dd2f72e952a133e5d6f13a808a

7472ee61fbd566913fd48f40f76e63edb9ea1faf

ea14a153c8c32aecd506eeb112e67542e62ea7e312dc77de3149df90c8a9336d

HTTP Headers

                                        GET /landings/269163/1672139499/js/translete.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: RBr51T0ODz7gLEvfYhB0PkgolHvfW7YY71ygjuKu6iqrM//wOzG9CxCzs6hiJ9Qtg+wbYrmo7Wk=
x-amz-request-id: KA9V5CQZEQAVJ9EE
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "ec54980cfed635492cef5628111560d2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Length: 559
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/js/interactive.js?1672139499

95.101.10.67

200 OK

5095

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/interactive.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text, with very long lines (24988), with no line terminators

Size

5095
Hash

4f6795f72fdbcb15309fd2aaba55302d

d613bd45610ff3a3e0a581d360847f01de563368

787035c2e2a9154a7ab7805185cf09b73f252b86221c975244259db327db8193

HTTP Headers

                                        GET /landings/269163/1672139499/js/interactive.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: fx8XehK/mY2+pnF/+qBagZ8X9erkTePt+SvjWVf3hUnOQ/fYwwX39X8d5w3C3AnKxdRT91i4XGA=
x-amz-request-id: 6NB5GVSMDVQPG7P9
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "7f1b8cc7b3f5bae928d07c8605d0c0d8"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Length: 5095
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/js/site-protect.2.0.js?1672139499

95.101.10.67

200 OK

1073

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/site-protect.2.0.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

1073
Hash

85e3bd021961fdac95655a71435375f5

9d03222c7a2acb3c790270e3f07bebc485759db2

bd6d5b382238afd5ee6299972b66f4e22521fe96487dfc620be38e1743d71887

HTTP Headers

                                        GET /landings/269163/1672139499/js/site-protect.2.0.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: xKbZacJsZcFI7rbKuvlXVIOIkFUlTUhHjSZWk3VPltkulgM5zjJp73TFWrlNmR63vui+4A4FWEY=
x-amz-request-id: BTXWXB4ERW6HYF1D
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "311a4a9bfb7699c36f9310aa8484b360"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:36 GMT
Content-Length: 1073
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Last-Modified, Backoff, Alert, Cache-Control, ETag, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 28 Feb 2023 09:12:25 GMT
age: 2892
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

c996a11ff79864ad743b4a786a9c8348

1adadd242ce778489fa10f7da68c8e5c0f42cf1f

7f25f15055a1a63db36f23cca5716a4e4953f99eec7988232e653d349701fec6

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7F25F15055A1A63DB36F23CCA5716A4E4953F99EEC7988232E653D349701FEC6"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8041
Expires: Tue, 28 Feb 2023 12:14:38 GMT
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive

cdn-adef.akamaized.net/landings/269163/1672139499/js/main.js?1672139499

95.101.10.67

200 OK

769

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/main.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

769
Hash

a22a1a0161c2da8eab4d825d701e0d30

17a279b59fa2371f8661d5558662df7abdcf5442

4d7d84af0a913c75c83eda10419b18fd30ec7f481bf627fa89d8ff450df53580

HTTP Headers

                                        GET /landings/269163/1672139499/js/main.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: PQZCeUSEbhEyzh003afg62eS7B/jShDAU3RV5yce8PIVr2kLxSHc61i4OWCGqf4CxmCrt3nuo94=
x-amz-request-id: KA9TERX046M833CX
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "a22a1a0161c2da8eab4d825d701e0d30"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 769
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/js/second_back_multi.js?1672139499

95.101.10.67

200 OK

728

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/js/second_back_multi.js?1672139499
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

ASCII text

Size

728
Hash

cf00d833782706194b8c8d7a10222c7e

eb5fcbf9e53b3e2882d671cea6a73210effff810

b1d0dec6c93c760e5890b5f36ce72d46f4d9be7650d8eda017ef0bb640080b05

HTTP Headers

                                        GET /landings/269163/1672139499/js/second_back_multi.js?1672139499 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: lls0DRgQBq2n/mmtjeVxiDLMtmiBGmUoTvgSTAIu8Gfe0bcOHkmU8e2ixbeqMSB6omJUibRFJh4=
x-amz-request-id: KA9VE17XGGWX28E7
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "f428fe6667efbbe5781d64826256609b"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Feb 2023 10:00:37 GMT
Content-Length: 728
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a518b418b3b845c6c4f61b595d07d29e

fa6b54344b3e4dfb5c6f16090825264152907bd6

b797e9b583b27d9c7288b67ecd1c8fc0da8a0ff8ac6d335f3d6e0bed653f2aed

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B797E9B583B27D9C7288B67ECD1C8FC0DA8A0FF8AC6D335F3D6E0BED653F2AED"
Last-Modified: Mon, 27 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5026
Expires: Tue, 28 Feb 2023 11:24:23 GMT
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive

cdn.stfilecamp.com/multi_push.js?1672139499

205.185.216.42

200 OK

1072

URL HTTP/2

cdn.stfilecamp.com/multi_push.js?1672139499
IP

205.185.216.42:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text

Size

1072
Hash

a50322f9d3f3fafe3fb02be02285e433

c0a894b3bfa545832c3ad1c2f145005d02e50ac4

cb763e10664b93ac12aaead7af7b0838195e45eb89f678ebb3f5776b147f5d99

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /multi_push.js?1672139499 HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Tue, 28 Feb 2023 10:00:37 GMT
cache-control: max-age=3600
content-length: 1072
content-type: text/javascript
last-modified: Thu, 07 Jul 2022 14:21:23 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "a50322f9d3f3fafe3fb02be02285e433"
x-amz-request-id: tx00000000000000aba5433-0063fdd0c5-3086a145-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1677578436.dop020.sk1.t,1677578436.cds208.sk1.hn,1677578437.cds231.sk1.pr
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.218.164.174

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.218.164.174:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /bskyE7Zg/5NyFRHAAZTrw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ne24BDFPgt9m3iCDNq0lRa2RP14=

cdnjs.claudflare.io/ajax/libs/jquery/3.6.0/b/jquery.min.js?1672139499

206.189.196.86

200 OK

92013

URL HTTP/1.1

cdnjs.claudflare.io/ajax/libs/jquery/3.6.0/b/jquery.min.js?1672139499
IP

206.189.196.86:0
ASN

#14061 DIGITALOCEAN-ASN

Magic

ASCII text, with very long lines (65447)

Size

92013
Hash

0dd85f14c26ab969e3821b1242e990dc

93fab83252b745e1c443d3e2f9aade1ac24f20ba

b6e8a194a1a400ed9f2ce3155e243ccd3a0740066a3d39bc06a7a56193290995

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /ajax/libs/jquery/3.6.0/b/jquery.min.js?1672139499 HTTP/1.1
Host: cdnjs.claudflare.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Server: nginx/1.22.0 (Ubuntu)
Date: Tue, 28 Feb 2023 10:00:37 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 92013
Connection: keep-alive
Cache-Control: public, max-age=43200
Expires: Tue, 28 Feb 2023 22:00:37 GMT

cdn-adef.akamaized.net/landings/269163/1672139499/images/logo.jpg

95.101.10.67

200 OK

7653

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/logo.jpg
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 200x200, components 3\012- data

Size

7653
Hash

04cafbd162493b66a25988eb1cb58d07

fc780a93ddbacd25467c56bfb6bd46e8bc94503e

7aeb8ef4156327a8bb0c98b0f6ecc8409ab462a64c61df589c7e2477bd761628

HTTP Headers

                                        GET /landings/269163/1672139499/images/logo.jpg HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: OJne/AHSW5isVEfwyuu+Baz9AcCp85pWoth83ii39YKGd+XHCa+3y736XfDDQCUh9LIMh08IGLQ=
x-amz-request-id: KA9ZY3Z0A4TBF45E
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "04cafbd162493b66a25988eb1cb58d07"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 7653
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/cross.gif

95.101.10.67

200 OK

211

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/cross.gif
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

GIF image data, version 89a, 29 x 29\012- data

Size

211
Hash

45b0c8a1e52d91e8cf84eaf75ebca9a9

0e358b8571f9062dedfacd0c31d54179270153cd

4e635bdab7a300d0ccb5aac26b4610a07ee1b33643578c1a4308e677d7eb595d

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/cross.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: aywY6F4HxWehNhNEbrCtvbShIMeL0qSqSrQFyRD9sHW1O2i9rVTk8l6BKyfHktJ9fzV2UEIjctA=
x-amz-request-id: KA9HGV7QBDBCMWCR
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "45b0c8a1e52d91e8cf84eaf75ebca9a9"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 211
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/win_min.png

95.101.10.67

200 OK

128

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/win_min.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data

Size

128
Hash

0bb86caf792dd7d24731c18cd37bb68e

dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25

2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/win_min.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: FudlGOv1GiZ4z/ZQibdNN4UZPnm8Q/McRNYeTG60veA3lktfYXcnuvb1fg0DfMQN6T1V+FGxbDQ=
x-amz-request-id: PJEXCSDVGY5AD47G
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "0bb86caf792dd7d24731c18cd37bb68e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 128
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/check.png

95.101.10.67

200 OK

1946

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/check.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 35 x 34, 8-bit/color RGB, non-interlaced\012- data

Size

1946
Hash

1eab4e4fb7a147352b0027c0e4df1fe6

99e621180265541383f5c081cd6f7c77b7d21e0d

a66a5ce08b112086075a336e9f18d5cea683143b552a50641971ef00d3895207

HTTP Headers

                                        GET /landings/269163/1672139499/images/check.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: G6HZlw3oJXWMw9z2MXAFWsNJu7D+4BdGTM38bhVnKuFPSZKnPtbsF1dgX2YcqhWKKYf8t4CUWRU=
x-amz-request-id: KA9KDKAH7JFGXWM5
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "1eab4e4fb7a147352b0027c0e4df1fe6"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1946
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray1.gif

95.101.10.67

200 OK

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray1.gif
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

GIF image data, version 89a, 16 x 16\012- data

Size

69
Hash

3ae573d079dcd1d2da4086f2c0c72c45

e7c9dabec81379373476ed23168dcecb9b8c56aa

9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/ico_tray1.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 8rHGMuTm081q3OZNSxySXfNnfF7lFK087LDFa/jcWW2HTauc5GALlo9BoeIPKayFqHTQBzGP2Ro=
x-amz-request-id: BTXKQNVJ9WQ21P8N
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "3ae573d079dcd1d2da4086f2c0c72c45"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 69
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray3.gif

95.101.10.67

200 OK

234

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray3.gif
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

GIF image data, version 89a, 16 x 16\012- data

Size

234
Hash

9ce99ec458daf212f9812a90f3fadd13

9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1

b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/ico_tray3.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: rxSK2BNA1W/YjEKUIts4FItidi+GdPhop2yQZ96OH4PXBgQATw2rzb1EgR4v+GOT9DKrF1UCFKQ=
x-amz-request-id: KA9MJYWHDQRMV19H
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "9ce99ec458daf212f9812a90f3fadd13"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 234
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu2.png

95.101.10.67

200 OK

1665

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu2.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data

Size

1665
Hash

bc32798c28d2145f979848809ba5f858

7bc0276cd56bf6463113a9c5d33ea9aacbdb5f51

7319ffc0fdb40740b07f1a286348fa0f29676127996481b6310f3dd7f322d4ee

HTTP Headers

                                        GET /landings/269163/1672139499/images/menu2.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: D4Yz5B7mD5DEwVwtKTFTfsaKc6jFF0nzbmeCmboFHu1nqoNCF6HGRn6FIcfGDq55pintKThbTeQ=
x-amz-request-id: ACF31DPAKK1W3YPX
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "bc32798c28d2145f979848809ba5f858"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1665
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/icons.png

95.101.10.67

200 OK

1932

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/icons.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 124 x 22, 8-bit/color RGB, non-interlaced\012- data

Size

1932
Hash

32fded5a952e60a48a879e414c590f24

834e44460475c20ce9f4c801a4ccf53130749af3

d712d6bf38edf55c605c2a568ce2de1caae95d26b00c02c4f9a1eed6f370d76e

HTTP Headers

                                        GET /landings/269163/1672139499/images/icons.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: W1tosXrCbLo2ChU9HBtkwud4mH8NbMsXbOkF9QZ2VBGecRbljQ+xB4sAubwZWkCNoWYDl+JvGPs=
x-amz-request-id: KA9WBBQZKP0CG32V
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "32fded5a952e60a48a879e414c590f24"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1932
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu1.png

95.101.10.67

200 OK

1920

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu1.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data

Size

1920
Hash

b2b98941a9fe6bbcb6745989b3289b1e

5fb8fce5934af6d3426a37eb58b9846fa80ead39

d9efcb7b0f632cb3d2650c0c676b3c758f00c52f5d1cc5e7963dd456aaa03833

HTTP Headers

                                        GET /landings/269163/1672139499/images/menu1.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: ISI+S+dPLUEmLivgZGaAGaFq4U7709vn/b2IYUMcCVMb6M6Rrc8+7d8nBiMgPbbQljb80Rqq/C8=
x-amz-request-id: K7HJ5Y7NSEZHGKYW
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "b2b98941a9fe6bbcb6745989b3289b1e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1920
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/win_cls.png

95.101.10.67

200 OK

293

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/win_cls.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data

Size

293
Hash

9eb68d2ce05c151bda542a7a6356e22c

baeeefe4a7ac657c10a5f081841015de1bcf90dd

2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/win_cls.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: dWS/3TyDgCvNOYIyysfKdsg3QExzvGZLhggAQl3On4cFu5rmWCaCPSzoLMZLnGidmBvjw9BLwwc=
x-amz-request-id: PJEWFMXG3K40E7YT
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "9eb68d2ce05c151bda542a7a6356e22c"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 293
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/info.png

95.101.10.67

200 OK

1545

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/info.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 23 x 20, 8-bit/color RGB, non-interlaced\012- data

Size

1545
Hash

7f7b44979afb15dfdc18e7d754c6d0f5

7426889578a3a6f20f620611f7ea8d4dadaf3b87

cb2eff4a1cf5f187eda87e71d6039f24af63844617a7f890070b9afd5c965a33

HTTP Headers

                                        GET /landings/269163/1672139499/images/info.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 3jtURFiCRvsc82AUG5TkAfd0UepvSkEhcjkzjakmEnXBlt6KIm++0du4w/LC0aQohI5/itzTCEQ=
x-amz-request-id: K7HM40PXX8MB56H5
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "7f7b44979afb15dfdc18e7d754c6d0f5"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1545
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/globe-alpha.png

95.101.10.67

200 OK

302963

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/globe-alpha.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 1440 x 700, 8-bit gray+alpha, non-interlaced\012- data

Size

302963
Hash

bc336a3a0c484d7c65299b9c4af45596

36cb2608b4fef19277220dab7e0cb0a623eee289

af9a953b12a4994939f45054e31302a7b1f59577f69c21376821cf9b922b414b

HTTP Headers

                                        GET /landings/269163/1672139499/images/globe-alpha.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-adef.akamaized.net/landings/269163/1672139499/css/style.css?1672139499
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
x-amz-id-2: NwNg62f5Rpx9p7NY9DU7RJpqC7cNjH0EEOu8MIKzuh2j4HC8XZZYdPr3W6xZ+nwAYXL10wSOPl0=
x-amz-request-id: KA9PD5DESR83PF1J
Last-Modified: Tue, 27 Dec 2022 11:11:42 GMT
ETag: "bc336a3a0c484d7c65299b9c4af45596"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 302963
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon1.png

95.101.10.67

200 OK

5928

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon1.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 139 x 130, 8-bit/color RGB, non-interlaced\012- data

Size

5928
Hash

fa6582524d715994e9d9036eca9b034b

06cce1b23faba93959df12a9eccaa3d6f51341ce

cf05a371ab1261c3e1f2785e26c95cc5869b37de15c9d48206e78a58894a0cdc

HTTP Headers

                                        GET /landings/269163/1672139499/images/icon1.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: YbsI7DilU5zBu5knsJ8i+1BXPP48nOOBmc4qjXAGDQPUWvLZN5kjHGRR6U6olCbSd39K196W044=
x-amz-request-id: KA9JEQAQ5K5X3Y90
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "fa6582524d715994e9d9036eca9b034b"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 5928
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu4.png

95.101.10.67

200 OK

1812

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu4.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data

Size

1812
Hash

7af58322b67083908a8519d74471f47d

256a9119feb235759cf98f211bc6398f58c4ee43

bfab83c5a6c9c62450668ba960527fc9b17ed316a52436f0f63fd1eedcd45a3d

HTTP Headers

                                        GET /landings/269163/1672139499/images/menu4.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: zenhbi5Qdb541LZjp74gTp3ZbQ9xfZO30rpW2UomHTPkEUD3AZ2cv/5Ur996ElSbLAOm6EHVsyc=
x-amz-request-id: K7HQY3KSRAPY0W9T
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "7af58322b67083908a8519d74471f47d"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1812
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu3.png

95.101.10.67

200 OK

1483

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/menu3.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 36 x 36, 8-bit/color RGB, non-interlaced\012- data

Size

1483
Hash

860d945f4bba4b150b4c6300bdd87527

4c3f11a2902bf437bb578871f7e27625f0ae6504

bdca8ddc4aaf7200e8c215c5eedeae489626d9df23313578ac0cfe45854ea0c8

HTTP Headers

                                        GET /landings/269163/1672139499/images/menu3.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: OteTT61eaop2SS5CCOalHcZxfh+bMC2rAu74vjpPbG56VWuYpgc3+pYhcbnbf0vpAAOzW4pEPKk=
x-amz-request-id: K7HK1DKV2N0DKGDM
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "860d945f4bba4b150b4c6300bdd87527"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1483
Date: Tue, 28 Feb 2023 10:00:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon2.png

95.101.10.67

200 OK

4856

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon2.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 152 x 121, 8-bit/color RGB, non-interlaced\012- data

Size

4856
Hash

a0f86853c68b824dd5c15b0fae66fdfe

0c8ba75f1370ba3c10a309be4c1c96a5067c6098

f58fdb3b3ba6dc0943458179df29efb7201b84ff2edbf03d9ad5cb26c4e52917

HTTP Headers

                                        GET /landings/269163/1672139499/images/icon2.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 9Z00U4wwm31EDuARvnRPhgp7LUdGmkNuZ+jtUseRIcuKCGx7auDhwuGfXPOKfStKJc3jC9aSgOQ=
x-amz-request-id: K7HX6PM4875QWRQM
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "a0f86853c68b824dd5c15b0fae66fdfe"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4856
Date: Tue, 28 Feb 2023 10:00:38 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray2.gif

95.101.10.67

200 OK

377

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/ico_tray2.gif
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

GIF image data, version 89a, 16 x 16\012- data

Size

377
Hash

c10bdec858cb0cf9e6cc5865d5925746

697c095ed5509e5a5af0c5ebf2380662aeffc531

b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

                                        GET /landings/269163/1672139499/images/ico_tray2.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 5iI+bSa6MYbk39zvGwwQSCjrPaD2GXUYCAoUE7wuITowVD2EHVcmqfO+qE3538EJ+lNX6Ti6iXs=
x-amz-request-id: KA9RNVERQAW3C4VD
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "c10bdec858cb0cf9e6cc5865d5925746"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 377
Date: Tue, 28 Feb 2023 10:00:38 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

ocsp.pki.goog/s/gts1p5/K65h7ENLtOQ

216.58.211.3

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/s/gts1p5/K65h7ENLtOQ
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

3a7b8ad2bbfb8e021e3587820f9ca204

c33bede43c2e89e5060bb023ce7e89fa6e187530

ca67c9b29ddc9b0f859852ca4dbaa0f301d2fb72b4318835db0e119cc8b0002e

HTTP Headers

                                        POST /s/gts1p5/K65h7ENLtOQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 28 Feb 2023 10:00:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.stfilecamp.com/stormtrk.js

205.185.216.42

200 OK

6807

URL HTTP/2

cdn.stfilecamp.com/stormtrk.js
IP

205.185.216.42:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text

Size

6807
Hash

39e5f8ad757fe438c784e8d883e47ab0

6b2905489485100c83605f43186c5843031e1f3b

e421906cc3be04e5f6795074c0a91e5a194f218b3f8c57adfed0f4d315dd445a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /stormtrk.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
date: Tue, 28 Feb 2023 10:00:38 GMT
cache-control: max-age=367
content-length: 6807
content-type: text/javascript
last-modified: Sat, 24 Dec 2022 08:48:24 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "39e5f8ad757fe438c784e8d883e47ab0"
x-amz-request-id: tx00000000000000ab41080-0063fdc425-3086a145-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1677578438.dop020.sk1.t,1677578438.cds208.sk1.hn,1677578438.cds014.sk1.c
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/269163/1672139499/images/avira-white.png

95.101.10.67

200 OK

59078

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/avira-white.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced\012- data

Size

59078
Hash

15cac20be8d4fdd074e21a4a52604d2f

fd4c43583bec2c7bfae3cb9feb2699abbc50c578

d4ad291dfcf93d75db62260b5ba53ddda1f2a9c855a3019cf7ae52c3cd936739

HTTP Headers

                                        GET /landings/269163/1672139499/images/avira-white.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: ADVEAI/4KwxUp9mHlPPC3GBsFd+GA01Fq2PcKP8iMZ7BHyinVlP6I6pQ7YW/6x3hBJPH5CFJyGg=
x-amz-request-id: KA9NBPFQ04YFH522
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "15cac20be8d4fdd074e21a4a52604d2f"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 59078
Date: Tue, 28 Feb 2023 10:00:38 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/avira-logo.png

95.101.10.67

200 OK

4226

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/avira-logo.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced\012- data

Size

4226
Hash

2dd0fb3f8327cbd8ae041f7fdb1eb8bf

35cbcecbf827dbf814f249ff6f3124d671afd1a3

98035853429a64f9c5e3a1eb3dacd1592b1eda2f5ec5e54b02fe427e117f0f26

HTTP Headers

                                        GET /landings/269163/1672139499/images/avira-logo.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 1+h+RT9BtRhCz7nMkml/raZsgUuaPyN6tI+euz+2Oq5SG9ZqCwgcmiD62jMZz8NkT+BEbAKkQNI=
x-amz-request-id: 272YFFD44BWGDWNV
Last-Modified: Tue, 27 Dec 2022 11:11:40 GMT
ETag: "2dd0fb3f8327cbd8ae041f7fdb1eb8bf"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4226
Date: Tue, 28 Feb 2023 10:00:38 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon3.png

95.101.10.67

200 OK

5904

URL HTTP/1.1

cdn-adef.akamaized.net/landings/269163/1672139499/images/icon3.png
IP

95.101.10.67:0
ASN

#20940 Akamai International B.V.

Magic

PNG image data, 137 x 131, 8-bit/color RGB, non-interlaced\012- data

Size

5904
Hash

8a07f71c9d0642e8b94bd2b9687c768f

fb2f6f1a6a421101a4b10c315f340d0565709abf

e77edd6c132664f48fb66468de2e1b5068d61e9f04e03d6a51668b14d00af0ed

HTTP Headers

                                        GET /landings/269163/1672139499/images/icon3.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlnl.newrequireddefence.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
x-amz-id-2: 2oeU8IYOvk8wP1hM0lDHt1BTf3zzvO67HfUoI09XuTXSwfUs/AxFbTmI76KB9zRToW2ZRAacnEg=
x-amz-request-id: 3E8C2MPK8644K5E4
Last-Modified: Tue, 27 Dec 2022 11:11:41 GMT
ETag: "8a07f71c9d0642e8b94bd2b9687c768f"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 5904
Date: Tue, 28 Feb 2023 10:00:38 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/beep.mp3

95.101.10.67

302 Moved Temporarily

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

#1 JS:Script (size: 1362)

#2 JS:Script (size: 3133)

#3 JS:Script (size: 2188)

#4 JS:Script (size: 1072)

#5 JS:Script (size: 24988)

#6 JS:Script (size: 769)

#7 JS:Script (size: 6807)

#8 JS:Script (size: 1619)

#9 JS:Script (size: 80070)

#10 JS:Script (size: 16550)

#11 JS:Script (size: 92013)

#12 JS:Script (size: 212170)

#13 JS:Script (size: 1174)

HTTP Transactions (73)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers