Report - red-trck1.shop/cng6l8k.php?key=4qkfyw71dvpeqp76vsg7&visitor_id=807814424227229696&cost=0.000000&zoneid=1550526&campaignid=8125388&useragent=Mozilla/5.0(iPad;CPUOS17_4likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)CriOS/124.0.6367.71Mobile/15E148Safari/604.1&browser=chrome&subzone_id=1401409&osversion=ios17&bannerid=20839635&language=ar&isp=almadaraljadeedjointstockcompany&user

Report Overview

Submitted URL
red-trck1.shop/cng6l8k.php?key=4qkfyw71dvpeqp76vsg7&visitor_id=807814424227229696&cost=0.000000&zoneid=1550526&campaignid=8125388&useragent=Mozilla/5.0(iPad;CPUOS17_4likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)CriOS/124.0.6367.71Mobile/15E148Safari/604.1&browser=chrome&subzone_id=1401409&osversion=ios17&bannerid=20839635&language=ar&isp=almadaraljadeedjointstockcompany&user_activity=medium
IP
172.67.144.228
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 19:59:22
Access
public
Website Title
(1) المكافأة متاحة!
Final URL
ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
red-trck1.shop	unknown	2024-03-28	2024-03-31	2024-04-10	850 B	73 kB	172.67.144.228
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-25	1.1 kB	1.9 kB	139.45.195.8
bujerdaz.com	unknown	2022-10-03	2022-10-03	2024-04-18	1.0 kB	16 kB	139.45.197.250
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-25	868 B	1.3 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-25	987 B	1.1 kB	139.45.197.250
backunder.com	unknown	2022-12-13	2022-12-14	2024-04-18	394 B	1.7 kB	188.114.97.1
ribhek.com	unknown	unknown	No data	No data	12 kB	540 kB	104.21.17.21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	bujerdaz.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	amunfezanttor.com	Sinkholed
2024-04-26	medium	bujerdaz.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	ribhek.com/ar/spinwhel-ly/js/bioep.min.js	5.3 kB	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/js/bioep.min.js IP 104.21.17.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:55 Last Seen2024-05-07 23:05:18 Times Seen785 Hash b4be5a852fefdae43b355f2c154e3d65 d5a07889208ed421085aa023485bec0a133e10fc 325981e28cde77631c69c478b3c5e84e7284218b0659284217f80e9766381641 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	244 B	2024-01-26	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 18:05:40 Last Seen2024-05-07 23:05:18 Times Seen92 Hash 19596257c78a3231bd3b1453f93169c5 6c85d256c5bd39f1ec2577f6276ca1a2647daed9 214fe758d0d9ee5aafdbec9358d5ed21897ba3f3c1f850c92afad81936491207 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	47 B	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:51:24 Last Seen2024-05-07 23:05:18 Times Seen844 Hash d48b742a8126a08d750fa1b377ed188f 6300ca7e01b65a15584093e084602307cbc5b6d7 e6b723e6819663edf262d46ece768a8ecedb47e6f691ee4671e78e7d5713a7a0 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	169 B	2024-01-26	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 18:05:41 Last Seen2024-05-07 23:05:18 Times Seen92 Hash d7f23ed64ef6ca9fe27cf6f7ba0a390c 19ae77a24c1440f33069a5c14853835d2729c7bf 03930a1833374d42df99faccb6dbb8267ea0ef515b824a25d293a738011c81c9 Loading...

	bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js	37 kB	2024-04-25	2024-05-08
Pretty URL bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-08 00:20:49 Times Seen1704 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	497 B	2024-04-18	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 10:03:00 Last Seen2024-05-07 23:05:18 Times Seen36 Hash d1da1025596639030bc7d4c1073315cf 38a98819149dbdacc76b8ca62fe32d1ec978a55b 310c0c808877dcada2822b04b51ec722a42adcfa7ed9c0ce3775f32a4738d130 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	424 B	2023-03-08	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 06:59:33 Last Seen2024-05-07 23:05:18 Times Seen753 Hash a102885e8b625d589175ec4ae066ca78 83d15b7f26bcb6cd8d9a333370714a07b6171e46 25eab42f224eac7a3dcde5347408bd37a2766651363c7ff923adde69a0fb58bc Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	272 B	2023-03-08	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 06:59:33 Last Seen2024-05-07 23:05:18 Times Seen762 Hash 0c2bbc796c2132a49e24010e984990a3 271e9238fdd0b165701351225b0420f2c67435f8 74f12c01536bababfdf62a4bca9b912bf952923dc0bbaf904c4efcdf19b91d3f Loading...

	unknown	30 B	2023-04-10	2024-05-07
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 16:01:16 Last Seen2024-05-07 23:05:18 Times Seen1248 Hash 06cebcd37b089928232e6b67fd61c4a6 3531ee80345a4ba30d2f7dfea5450fdebcebda48 4211f10262715fdc749cd6a7732702821f89922042dc3f9ccdd80a1dc2da6b4c Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	168 B	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen1204 Hash 358a88f8d096f927e095e6182e6c875d c35c37cc80ba3929d8d4e045a2282c5f39ac6c00 9cae33187c5d941447410b80ff22429d03297dfc2bbc149546f70bc19724525a Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	168 B	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen1203 Hash 25a637ab7e8911baf488da8be4e1b905 93e5992bc39ab55d39557de79cdf1c1d8cf8d7de 5916a6e296bd31a4066725850e0a361f132dcb26fa2f0a7397f6ccb38569e675 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	48 B	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen1204 Hash e0e85b06d67335c7ee1446615958d231 b65b4fc00127903ae221747d09e12318a87deac3 1d619e571a4a453367553ee865cc84096a01dbc6f70216e929f5739d58230d3e Loading...

	ribhek.com/ar/spinwhel-ly/js/en_date.js	6.7 kB	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/js/en_date.js IP 104.21.17.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen1575 Hash 159cca5aaccda0ce719041c87f432522 51a7090ebc8d851aab5f87d8f19f392ed260d545 62769705ac94c6659cba7cc5ff84fca57e16dfe3222f613677c3c5da4c2728a5 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	168 B	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen1183 Hash c43fa36762d3eb9b33523e0b75097bc9 ec3a635ea954277745c29cdc77a063ea9fcd0506 496b75e4b69eb322c2b46d488da6d8b33d17db6519e935a164b16b70d76eedd4 Loading...

	backunder.com/script.js	911 B	2023-03-13	2024-05-07
Pretty URL backunder.com/script.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:39:15 Last Seen2024-05-07 23:05:18 Times Seen2391 Hash 87431f5c53069a8fd36f6efee29a514f 08296a974e36b3c9c9eb2a853658fbb8659c8836 e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7 Loading...

	ribhek.com/ar/spinwhel-ly/js/jquery.min.js	87 kB	2023-03-07	2024-05-07
Pretty URL ribhek.com/ar/spinwhel-ly/js/jquery.min.js IP 104.21.17.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-07 23:05:18 Times Seen2943 Hash 24f2e59beae1680f19632d9c1b89d730 b3a77b35c4809324ab79e64d40c4ee391234e008 39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc	697 B	2023-09-16	2024-05-07
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 06:08:32 Last Seen2024-05-07 23:05:18 Times Seen663 Hash 9f449dd93aff5d19981521dc1718011e 704d0f2cef85ba5c7f36a9ba707b9116b88ff8f5 78a9e77051816292528bde89251006ecd6c3f563218f4d78217df175b2883029 Loading...

	ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da#	3.0 kB	2023-12-21	2024-05-06
Pretty URL ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-21 00:35:08 Last Seen2024-05-06 23:37:37 Times Seen11 Hash f94a348c8d5bfd6cb2d7d882542b6f8e 36b15f5ca8bb992d78c9cb228b418abe81878737 25bf1f275c995fe5fd5ff57a5afe34037809c7ab5f128b3b21c2e2907ea06cc3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 43ba4190b152c1988d63da3b9c5caf27	8 B	2023-04-26	2024-04-30
Pretty Observations First Seen2023-04-26 22:08:05 Last Seen2024-04-30 15:01:03 Times Seen10 Hash 43ba4190b152c1988d63da3b9c5caf27 e56572e9e2f31b38f03616560efd554245b55613 d81bf9370c556bff7a7bb579095516bdfc600f7363ce9c1a52a203704ed59ee0 Loading...

	#2 Write - 09737248cc15c0d318a2d803dbb5a9a5	8 B	2023-04-26	2024-04-26
Pretty Observations First Seen2023-04-26 22:08:05 Last Seen2024-04-26 21:59:29 Times Seen5 Hash 09737248cc15c0d318a2d803dbb5a9a5 6ad090af4c28492447cbad6182d9672757fbeb8f 4b53bf3eceecda4c0b363edf3e580c575ef15ce294b6fb1de72a6a1b13598551 Loading...

	#3 Write - 0a3213554e720c23a16d842c11a0e7a6	8 B	2023-04-25	2024-04-26
Pretty Observations First Seen2023-04-25 18:11:48 Last Seen2024-04-26 21:59:29 Times Seen7 Hash 0a3213554e720c23a16d842c11a0e7a6 7209ddf6625c9b8e2a8c3b85da63ecee04e7ffcd 861998ce645feb56f5a472fcb41db344baa1feb12844eb5a0172b821770d5c69 Loading...

	#4 Write - f28f50dd75b21cffee68a6540e9ea5b6	8 B	2023-04-25	2024-04-26
Pretty Observations First Seen2023-04-25 18:11:48 Last Seen2024-04-26 21:59:29 Times Seen7 Hash f28f50dd75b21cffee68a6540e9ea5b6 8a7509a9ffa2d0248ad14816e9401c7b7a5d954e 88a8c25ed6a8378e8602f0da293790325b8fadd725a90b6623fa60172a1adf9c Loading...

HTTP Transactions (32)

URL IP Response Size

ribhek.com/ar/spinwhel-ly/img/1.jpg

104.21.17.21

200 OK

18 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/1.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling hispanic or middle eastern young man looking at the camera��], baseline, precision 8, 360x360, components 3
Size
18 kB (18232 bytes)
Hash
8d4757a7ca89741ae1ef279ac277739b
e3134530778bbf711de60829f9ee270ae3309d4b
e0b4b9068a7fe672f712bb1a39080e06604c506465394214cfde2382ba52f047

HTTP Headers

GET /ar/spinwhel-ly/img/1.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 18232
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "0fdf1d98ca06e6a3b06349fd9985af77-ssl"
x-nf-request-id: 01HWDZTMHW9P3481Z3AVBNW5Z1
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mvk4XhF%2FrkiQo59qBZQV2OlMCmABibi69f%2FPGtOCOmhe27u%2Fb8%2BYPaxZ6MrtSY1djeksiPokdFjgWS8ql4JSTVDwRVR3%2FqmKNUbzdtpQYQ5w3uQmt5MfYxTvqok1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc74b521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/2.jpg

104.21.17.21

200 OK

8.1 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/2.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3
Size
8.1 kB (8149 bytes)
Hash
d3a748efcc12b64924280109f7b42c99
733dca7bef4f1f344b9bd0176ed9f8e6b38111e9
0f6c00936fa720c5c4b4bd5b410badd270114ba65d06ad148b550617a296ab17

HTTP Headers

GET /ar/spinwhel-ly/img/2.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 8149
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "192591960bd52039aaec63c9d453a3a2-ssl"
x-nf-request-id: 01HWDZTMJDV7PFZTBR8DCEQYR1
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mxxGXQ7BsWXm%2BpblHkVHiWBnO42Cj4D8M4GikPE1NwJSRumohsqY69AEgtgH2DkpSG0p5mLq5tOYB0DgDTUg40dW%2FgFOBhCa6cgyrgFhWU10QDWZafB9FqKG2jtr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc77b521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/8.jpg

104.21.17.21

200 OK

4.8 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/8.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 240x240, components 3
Size
4.8 kB (4831 bytes)
Hash
f1b90b01b26661e37ecdb01a4753a1bf
b6c3960258ba473581daf27df9db972540ec29ed
a8079bac57434af72b399fb198d79cbd9c46a5363096afa97398e4da4228218d

HTTP Headers

GET /ar/spinwhel-ly/img/8.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 4831
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "b9ce8499900b91e7201edecbf1f2962e-ssl"
x-nf-request-id: 01HWDZTMJMGCB24306MYZR5HCG
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kkaD2hZKObqtboJFoTZzxoQ2gRXa2G2MmkXWn%2F%2BY3m0Yg84MP%2BLqnwB8plnwtfBpX%2B45NTAUt64yWuNdcweem41EsrP1YE%2FVjNnhig6zdtQhvKL8MtHq4McppNf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc6fb521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/smiley.png

104.21.17.21

200 OK

5.0 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/smiley.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
5.0 kB (4992 bytes)
Hash
6a1b1fb2c9a70e8bb232985a5e7c76f2
a371f8e561576cb893e897f1e156597d3abbd0be
68c86e51e47a972e3191621e48685c0d9d1e166235cd816dc74370bc439567fc

HTTP Headers

GET /ar/spinwhel-ly/img/smiley.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 4992
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a770a97f2ef0e3b3edd238062c9e3313-ssl"
x-nf-request-id: 01HWDZTMJW5AQY99YHR2N1J7PS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caMlhSImK07n51v4Hv%2BZ0KQTBb35gH746lNN6Gu3Jyid5xp8sjf2kxbkkzcsCOL3JLy0I%2FuRoNesEwIu0ArPn5ygGD50B5UUJ%2BWk41fDgvhpd7gNcMNhi6VXMC85"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689ec87b521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/refresh.png

104.21.17.21

200 OK

1.8 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/refresh.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 70 x 70, 8-bit colormap, non-interlaced
Size
1.8 kB (1798 bytes)
Hash
2d0f4539e28850747bcdf03e8c9a9f10
c400935fad4c29d04714cf5b9e74fb4d4d8f1e1d
c04fa254d43e1b6db555962ac2dbc6cd67d47aff3c1d7895a229cdaca87a688e

HTTP Headers

GET /ar/spinwhel-ly/img/refresh.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 1798
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a8f2cf0e5f0e85d12faa27e61c1d49a3-ssl"
x-nf-request-id: 01HWDZTMJXP2Z6F5A3C5WWNNYH
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rupbg7tk7gUwu6Lr7YYwrrx6yO1ThEqeiMBc2ZNc5LMRM7Kl0oGcy%2B4ScxCy2oanUnjjCnqbZE7g5Esn3l3OnF5%2B2FynRov%2Bo%2B2UCgGwTNq9%2FiMIApceMkzp6cwJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689ec8eb521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/4.jpg

104.21.17.21

200 OK

21 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/4.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 400x400, components 3
Size
21 kB (21109 bytes)
Hash
5c6bd23de24730e4b4b37730dd74aef8
6ad9ac3a16e2cd8521eeb8d918f0ceb383fb1f90
2fa0af8cb1cffe84b9fadb389a4750f9fe8a5a1ff0a3bce12ec329d4c5e9bcd8

HTTP Headers

GET /ar/spinwhel-ly/img/4.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 21109
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "143c69aaf1e8ba0aabf3dd9ec1d9e445-ssl"
x-nf-request-id: 01HWDZTMJJBN9WT8BGQ7MYKMEE
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=APTVjcJzlazhOiVg%2ByE6KEBnVhTDDR%2FHz4X8ExffAFZVCnCKA3eF8fvEazq%2BXgQIUXiT%2FI8G08rV4chHIP4vyjHDYtrQeIBSlO%2Bip5KV1P6MTHONEktlBvim0%2Br3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc7ab521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/3.jpg

104.21.17.21

200 OK

15 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/3.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling young man looking at the camera with his arms crossed��], baseline, precision 8, 360x360, components 3
Size
15 kB (14686 bytes)
Hash
56612da382cd894c3d9a7066200c8987
b50307ef6d081ab84e04f3077551ef52bc677bf8
235ac72915d61b0433f01ae12e6a2a0dd5a676b0e85fdeeb67f6a5b2ea9bb63d

HTTP Headers

GET /ar/spinwhel-ly/img/3.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 14686
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a84fd5388db24f436ebb6879d0e97503-ssl"
x-nf-request-id: 01HWDZTMJJ4J72WC9DQ4EHCZ5J
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEzWk3Ed0isR8UC91AhwjDQFnCvM5M5UN431MTQoQihDZc4SI4io40cDAQ3HF6aGxEUas8DmHDi9uWORIzdOo8AZLUabRTNd1kDcdBJFUecMRin0RVX3l9a5srW4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc7db521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/5.jpg

104.21.17.21

200 OK

48 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/5.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, copyright=Shannon Selim], baseline, precision 8, 640x640, components 3
Size
48 kB (48500 bytes)
Hash
6b4d6ee00c74e83d9951c81d58ce9295
9594243fe36fb66f7f0cf659cd279be1cf1cc864
49950c2963d8d425b48440d5663c436b5cd6a4ee550f57912120d530c96032d2

HTTP Headers

GET /ar/spinwhel-ly/img/5.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 48500
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "b7af897904fb4d58f4a27936259bb793-ssl"
x-nf-request-id: 01HWDZTMHYYWP65M09X6M1RGD8
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vjatTT%2FyAzg2La9eO3LpctmsSUH1VOySggbxz4JrxqpvryzNUlgCpJ%2FuYJQqiWzugUkJfukDTsQHLpi%2FwXlaW5vEomicMxKorhOx7SV4vmyaQmjbv5QiHY%2BsMURx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc7fb521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/6.jpg

104.21.17.21

200 OK

21 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/6.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=happy refuuge at camp��], baseline, precision 8, 408x408, components 3
Size
21 kB (20826 bytes)
Hash
ccddf6a16d3fcc1c7ba4acef48fdef50
de01377d44746d8e92c46e1a64788b5df04340d4
a6fc77c7cb826f01f0aa8c3182b8b0006125f0d5fbec3ceff93b004d14e17d01

HTTP Headers

GET /ar/spinwhel-ly/img/6.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 20826
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "d9f71630def6a1050f1f740068adb403-ssl"
x-nf-request-id: 01HWDZTMJQZ2501SB63NAMW1W7
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CoBHCFbIHxQCXZPAgQS%2F0bS%2F0C5YB8Cq%2Fppqm%2BiGuGdcoLbvfrw642FsV7Gqal9uxlE4EKzRK7kHFWmmlYWf6fE2SKVoFAF1jAwvSCPoiyIBuXZekw3pL35EEzM1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689ec81b521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/7.jpg

104.21.17.21

200 OK

26 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/7.jpg
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 480x400, components 3
Size
26 kB (26430 bytes)
Hash
22cb80edd617362c5465bc2e8f8871d0
aa39c3c8c4dfb74089b63abef0e33e74e8fe5210
eaa4bd9a29ee64b0d8e79df7304706004eb6be85fc417f7ffaa0cc7eb6541635

HTTP Headers

GET /ar/spinwhel-ly/img/7.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/jpeg
content-length: 26430
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "5f713f6c2173d1bb8ea9cf3786e18e19-ssl"
x-nf-request-id: 01HWDZTMJQEKTSNQ8HRCBCE4HJ
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJhRKlRHtBgR3XSZ3a%2B51lfrv54wuBUZwWw9Ol7972zGNPTgD5VsNBoSwl%2FJKOCf2cSfd%2BdSt0a5YX6llwNPkRFGTTjdGjtL5TeE2a86k1biJS%2BzfRohNmWiXNA7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689ec84b521-OSL
alt-svc: h3=":443"; ma=86400

red-trck1.shop/cng6l8k.php?key=4qkfyw71dvpeqp76vsg7&visitor_id=807814424227229696&cost=0.000000&zoneid=1550526&campaignid=8125388&useragent=Mozilla/5.0(iPad;CPUOS17_4likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)CriOS/124.0.6367.71Mobile/15E148Safari/604.1&browser=chrome&subzone_id=1401409&osversion=ios17&bannerid=20839635&language=ar&isp=almadaraljadeedjointstockcompany&user_activity=medium

172.67.144.228

302 Found

72 kB

URL User Request GET HTTP/2
red-trck1.shop/cng6l8k.php?key=4qkfyw71dvpeqp76vsg7&visitor_id=807814424227229696&cost=0.000000&zoneid=1550526&campaignid=8125388&useragent=Mozilla/5.0(iPad;CPUOS17_4likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)CriOS/124.0.6367.71Mobile/15E148Safari/604.1&browser=chrome&subzone_id=1401409&osversion=ios17&bannerid=20839635&language=ar&isp=almadaraljadeedjointstockcompany&user_activity=medium
IP
172.67.144.228:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectred-trck1.shop
Fingerprint94:CB:E0:36:DF:58:45:53:69:73:37:51:36:F5:11:6E:D4:54:DC:D2
ValidityThu, 28 Mar 2024 17:23:21 GMT - Wed, 26 Jun 2024 17:23:20 GMT

File type
PNG image data, 316 x 280, 8-bit/color RGBA, non-interlaced
Size
72 kB (71676 bytes)
Hash
c0e5d9e71db37c23aa0ae5f801f85f7b
bba3d7c7a7224533f524bc70eade9b0a679fb8de
3333aa2d6017fad6a04078a7fc50eada2abe1b3fbc5d5d0cc863540c2c709f8c

HTTP Headers

GET /cng6l8k.php?key=4qkfyw71dvpeqp76vsg7&visitor_id=807814424227229696&cost=0.000000&zoneid=1550526&campaignid=8125388&useragent=Mozilla/5.0(iPad;CPUOS17_4likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)CriOS/124.0.6367.71Mobile/15E148Safari/604.1&browser=chrome&subzone_id=1401409&osversion=ios17&bannerid=20839635&language=ar&isp=almadaraljadeedjointstockcompany&user_activity=medium HTTP/1.1
Host: red-trck1.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/html; charset=UTF-8
location: https://ribhek.com/ar/spinwhel-ly?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
set-cookie: uclick=oca97va3; expires=Sat, 27-Apr-2024 19:58:57 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da; expires=Sat, 27-Apr-2024 19:58:57 GMT; Max-Age=86400; path=/; secure; SameSite=none
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odis6YLDq946%2FMEFqxZFtV%2FyGQFEUW464kuLT1VaMX15VTnepw5uzXVl2gcl8gHSChdMT54DCrZ5vO9eoi%2BqiIU0IVOgs1j1NRV6e1k1tA1O271dL5c3uLemlQkKf8XjKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a926864ef956c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/img/spin_vi.png

104.21.17.21

200 OK

137 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/spin_vi.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 501 x 501, 8-bit/color RGBA, non-interlaced
Size
137 kB (137267 bytes)
Hash
35efd150a0c1597a61e8bc2f11f40c4e
cfb96dc82e44894905e10256c58fceeb517e982f
48c080465a0ab3ee3d7467d606221a29eb9a07ad753b9e4bf46e2f3c097a5f7b

HTTP Headers

GET /ar/spinwhel-ly/img/spin_vi.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 137267
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "2762aeec3496fb7ef4ec8df6caa18a92-ssl"
x-nf-request-id: 01HWDZTMJHA49A0VZHE8WP95EE
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwLrOdFEXXaiVQuGx8EKqdxD32rMFLN5Txt%2FFx2SC92ZQFRaWk3u1JqmUDw3XV%2F7qNUtu1yDCRQlKt3rWWE%2Br%2FOXidY3WcoRl0doN7En%2BtDuGbDFsi7onZ3pX7ht"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc6cb521-OSL
alt-svc: h3=":443"; ma=86400

my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc

139.45.195.8

200 OK

697 B

URL GET HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JavaScript source, ASCII text
Size
697 B (697 bytes)
Hash
9f449dd93aff5d19981521dc1718011e
704d0f2cef85ba5c7f36a9ba707b9116b88ff8f5
78a9e77051816292528bde89251006ecd6c3f563218f4d78217df175b2883029

HTTP Headers

GET /p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/img/spin.png

104.21.17.21

200 OK

2.4 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/spin.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 142 x 173, 8-bit colormap, non-interlaced
Size
2.4 kB (2444 bytes)
Hash
79051a4f9ac575664b4d932d577a65fc
ebae669a090fd6de43fb1854e5ba4868e8e8ffc0
0109faa660c321bbc20f82c8ba38eddd5490bc3b77d72c4b1de965a01a4f12b4

HTTP Headers

GET /ar/spinwhel-ly/img/spin.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/css/style__base.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 2444
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "8cf94e3e08876699f7d4768c58d88a1c-ssl"
x-nf-request-id: 01HWDZTMRK461P25BK2SZFG4HP
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Dqf1wLXRz9ptS6WEiINt68rJQ%2BRJRmoQCl%2BFEC%2FgwVUkL4WfaQCa6Q0BS%2BQ%2FYXl74tO1jYNnUtiecuRudsJRkzBKAwqDWgj5aBkRig%2F9K84iaBw%2B4vs0Gqg15kj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9268b1e36b521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da

104.21.17.21

301 Moved Permanently

12 kB

URL User Request GET HTTP/2
ribhek.com/ar/spinwhel-ly?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
data
Size
12 kB (11511 bytes)
Hash
c8c98b0472c27448ed41648ec45df43e
24b36ed98aa97182f5e8e392af1471de488cf4a3
c4f37cac65b5388fa4c8b3b2ba4b89e0f066d8bde009ef9d411b4d529ece5d54

HTTP Headers

GET /ar/spinwhel-ly?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/html; charset=UTF-8
accept-ranges: bytes
age: 10945
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
location: /ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
x-nf-request-id: 01HWDZTM7D7AB86V7W233A97GX
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu5ZdFz6Vy1QRW2%2FQnZdKCobXisPR%2FWAVA77VYhQGafkknGTYMsmyKPIB87V2jxatsVcPu9jZGETysczTVZg3bqy9ywLdHv188s1YdyGLE5iyzEnK%2BxEvQ30XY8d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92687cd637127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectbujerdaz.com
Fingerprint0C:8C:A0:AE:3A:F2:8E:BC:C9:F8:38:17:34:12:6E:06:46:3D:35:A3
ValidityMon, 15 Apr 2024 05:19:24 GMT - Sun, 14 Jul 2024 05:19:23 GMT

File type
JavaScript source, ASCII text, with very long lines (37142), with no line terminators
Size
15 kB (14679 bytes)
Hash
32d6dbd00a639e2cd10d1704b9159bd5
0dab4c95675393f1d0e13d20f13d80ee12e41d95
9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js HTTP/1.1
Host: bujerdaz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:53 GMT
etag: W/"662a3515-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/css/style__base.css

104.21.17.21

200 OK

4.4 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/css/style__base.css
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text
Size
4.4 kB (4366 bytes)
Hash
5af9199e58d12f7d074412e74d9a3d3d
74c11cb489a368220c3144e4570ad5b34afa75c2
708ad2fb793e0817fdf6bd7b0401e172f9566033232f148439e6f42b2f3b0999

HTTP Headers

GET /ar/spinwhel-ly/css/style__base.css HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"48cda9d2e1e4882f881c36734d6c0dbf-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWDZTMJF19WVGHTM6WXJ3ZKD
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PtcJzm%2B9ZdRHIYCWnqO3rSC7KH7osx39IJxJHbfx9abzMvcMNVOTrjs%2FSy%2FfabjUtYMiBcoDj8Gzo2Q9CaH7pV0Wxb56Dab5hfB7%2B%2BMOeKjwwZ%2BEgqE2NjYD2vCA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92689dc68b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 327
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ecc5e7f80bd33da558de51671ad8a56e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 328
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7b61b5915df7f9b62fdd8c724700bfef
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ribhek.com/
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
c8a9cb8c36348932f603cf81e62c3280
6eda72d6bb16ef08c0adeebd7fddd74999d825a3
dbb8a2a883179aa5f8891b3409d48ea27ad0a47509879dfa8dbe9b0f912bf7c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ribhek.com/
Content-Type: application/json
Content-Length: 953
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-ly%2F%3Fuclick%3Doca97va3%26uclickhash%3Doca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da%23

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-ly%2F%3Fuclick%3Doca97va3%26uclickhash%3Doca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da%23
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-ly%2F%3Fuclick%3Doca97va3%26uclickhash%3Doca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=08804a476d134cedfc2a19251d646dba; expires=Sat, 26 Apr 2025 19:58:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ribhek.com/sw-check-permissions-39799.js?zoneId=7071124

104.21.17.21

200 OK

566 B

URL GET HTTP/3
ribhek.com/sw-check-permissions-39799.js?zoneId=7071124
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text, with very long lines (605), with no line terminators
Size
566 B (566 bytes)
Hash
a438a31ad30bcf0fc26f69eae78ab2f9
adba6a5873bd34085ce9b204c9be815d822e35f9
13040a957fe13225f89ccf2d8bb2d372c69cbc5727661bef2b43376d300e466a

HTTP Headers

GET /sw-check-permissions-39799.js?zoneId=7071124 HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"b66b69ce955a5c83d67e661d27432485-ssl"
x-nf-request-id: 01HWDT6T1MD9GYRVZKKECJ9FY8
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Uw8jLRuVArIbW5Jt%2FsRXRhcoY18jcHWnW5sfawtPg656MSgcxyG2Mc5S6hfOYKsbEDnUzQot51EH0aQqrpkESYes%2BCLU0ysEPaS3M1q90z%2B3HVEhLT7ZZovI4mG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9268ce835b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/js/jquery.min.js

104.21.17.21

200 OK

87 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/js/jquery.min.js
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86658 bytes)
Hash
24f2e59beae1680f19632d9c1b89d730
b3a77b35c4809324ab79e64d40c4ee391234e008
39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f

HTTP Headers

GET /ar/spinwhel-ly/js/jquery.min.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"ddbc6702bc953f6dedfe3543150cf865-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWDZTMJY96G4CH8RSXP4CMDB
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RBvYG%2B88F5L0NCt15SniJx4jctLM%2BmHnCr7ROPx%2BeMgD7YTVJ%2BQSzY74O5S%2BVVkKw60nDJQGqxwkUVeditNLC3RoS7jH7hbbLAGV%2BpQp7u8YwjT89srnTFQBbpVy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92689ec8fb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

backunder.com/script.js

188.114.97.1

200 OK

911 B

URL GET HTTP/2
backunder.com/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectbackunder.com
FingerprintF0:95:C2:A7:B0:15:EB:8D:1E:CE:36:6A:FC:03:95:FA:C0:07:37:96
ValiditySat, 30 Mar 2024 17:02:34 GMT - Fri, 28 Jun 2024 17:02:33 GMT

File type
JavaScript source, ASCII text, with very long lines (920), with no line terminators
Size
911 B (911 bytes)
Hash
f60d3d95ba5d3857d3acb6730f06767d
454bf6bf84fc040a03287bf1096d2669804627c8
5c501b55106f7ffe03902742af81cad54e109fec08e9dd005b13ecaa6cbb748e

HTTP Headers

GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1228
etag: W/"4cc-5f2f3364b2fe4-gzip"
last-modified: Mon, 23 Jan 2023 19:14:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1322
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dkprdUz4DO%2BzsI2UfdQ8kJCk9rk2pEa%2BilSZYybapS%2FCitVzD%2F6N00W%2BI4ztYaNJRPT2QOn%2FA%2Bt0rjWT%2BwR7wT6ZNEOs8fK0dQflubWSPf7Hbde0eCj7OahULSZcmboC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a9268a1bb7569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/js/en_date.js

104.21.17.21

200 OK

6.7 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/js/en_date.js
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text, with very long lines (7106), with no line terminators
Size
6.7 kB (6660 bytes)
Hash
ea133004ba2ee7bebc25767e49cb99ff
50c4bbb8423fe9d364798f28c8260cf66916b677
cda4a08060ba5f9871213274ab4f043f97f74311196eb4916fef50700178cff8

HTTP Headers

GET /ar/spinwhel-ly/js/en_date.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"3ffc4d8daf8a0279c657879a371a6eff-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWDZTMJ930AN4STSVRSK7QBK
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNx3hd2F74736OhLC0oh5bOvfzrZWMPHZLKX3jhRO68dw9CyTCvrlLH3VR08kR6jnosWLtDydyZklQ5Lvr1KTz2LEc9IaaoO%2FllNXM704HqtKnYve00pvk1MRqn2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92689cc66b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/logo.png

104.21.17.21

200 OK

5.3 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/logo.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
5.3 kB (5346 bytes)
Hash
f5d64acf78143acb73a116a4c30059c2
b63e4e1e6b388095aef36318bb3a2d13d63d7d15
53fe91634fedea3522c7ab24f307f994b19aaf87f2b745e99916e691c53b35d6

HTTP Headers

GET /ar/spinwhel-ly/img/logo.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 5346
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "971de0900309431e7f297a1e26fff1c6-ssl"
x-nf-request-id: 01HWDZTMXN27SDHKWN0XEKR4GG
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CCTb%2Bj3I%2BZbLIFSoUO%2FH7lvFRVAut1OE4YKWLuokc4ri4fiX0D0H%2Bx0s0wC886Zs8FX4xYbv0MEha3NSVjzyOrI%2BbfW4ndr8hZr6upf9RboZ37NarzVF9dnmcUVF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a9268c3f7db521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/img/cash.png

104.21.17.21

200 OK

72 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/img/cash.png
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 316 x 280, 8-bit/color RGBA, non-interlaced
Size
72 kB (71676 bytes)
Hash
c0e5d9e71db37c23aa0ae5f801f85f7b
bba3d7c7a7224533f524bc70eade9b0a679fb8de
3333aa2d6017fad6a04078a7fc50eada2abe1b3fbc5d5d0cc863540c2c709f8c

HTTP Headers

GET /ar/spinwhel-ly/img/cash.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: image/png
content-length: 71676
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "790376425f0803f665e8b1b1df8fde78-ssl"
x-nf-request-id: 01HWDZTMJEF62SZBPVR8KKP2ZG
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2MnLv%2FyArV0mZgkX8Vbw4cwdSJ2dbmxhui%2FE0XbRsqp0JnnQO9pxDD84O6A56yKuvHtLJAAiVMyRL5GMMhbv3oFVbE50sE5fwzbCN7tmUcjsnhiRJwFh5UsmQJu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a92689dc6eb521-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da

104.21.17.21

200 OK

16 kB

URL User Request GET HTTP/2
ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type

Size
16 kB (15795 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/html; charset=UTF-8
age: 10945
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
vary: Accept-Encoding
x-nf-request-id: 01HWDZTM8H8MGPZ8TDZ3KSMFKF
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOVNkqPNjOYm9UGi76Ksv2oSgGFWCs6eyoujR%2FYfCam6Odq%2B6kMXqJofp7sGG7DWrZq8%2B7i0qE%2FYJH5F7b%2B0tPF25us0vsSFKh5uSurbBtHR2J2kwOHhCJiXJTol"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a926880db97127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/css/style_a.css

104.21.17.21

200 OK

6.5 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/css/style_a.css
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text, with very long lines (6989), with no line terminators
Size
6.5 kB (6528 bytes)
Hash
a53a207a73db213f78c49078dbdde32a
4a5813b3d9a5237141104cd9ab2ef54c8151e168
b37503aacfbae5e87ea942f2a7b5291f4a271af060f01caf7dc1a02160633f8f

HTTP Headers

GET /ar/spinwhel-ly/css/style_a.css HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"1473adf58d9bbec22e785727559b8c51-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWDZTMHQNN0DSF5P19X26MQB
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fSoPFonEnwytGbGOHo8sR%2BhzohTHF7MkPpiNmZZpfCmGnWiCI1PQZNed5RDg%2Ft6I5VKS50U%2BXJ5%2FweI1ncdfZvCSGpO%2Fh24ehvPzF8XOEOfI5Y4m7P0Ee%2Fd23BFz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92689dc6ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bujerdaz.com/zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=54ce25b9-04d5-445a-b334-ec974cd1c144&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
bujerdaz.com/zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=54ce25b9-04d5-445a-b334-ec974cd1c144&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerLet's Encrypt
Subjectbujerdaz.com
Fingerprint0C:8C:A0:AE:3A:F2:8E:BC:C9:F8:38:17:34:12:6E:06:46:3D:35:A3
ValidityMon, 15 Apr 2024 05:19:24 GMT - Sun, 14 Jul 2024 05:19:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=54ce25b9-04d5-445a-b334-ec974cd1c144&action=prerequest HTTP/1.1
Host: bujerdaz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 19:58:58 GMT
content-length: 0
x-trace-id: 5bbda1767aa689585e003582eff5f1c0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-ly/js/bioep.min.js

104.21.17.21

200 OK

5.3 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-ly/js/bioep.min.js
IP
104.21.17.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JavaScript source, ASCII text, with very long lines (5456), with no line terminators
Size
5.3 kB (5292 bytes)
Hash
fe234c9b352a64fd48af6671a6460c25
4ab82b1093465cbeba45d0dfd67ed3d8cd30deb2
97043aee10fc7179a85aea1e1e96bbd6a4564d733589548209ccc1358252eb9f

HTTP Headers

GET /ar/spinwhel-ly/js/bioep.min.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-ly/?uclick=oca97va3&uclickhash=oca97va3-oca97va3-h9my-0-h9m7-b4d5-ir4k-bb50da
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 19:58:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"16322b53a3ea039d744dc303d398d1dd-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWDZTMJBXGRBDRD7VNBG1EFQ
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iKhpLyloqqbVKZqe7wi9Ylh3T6uGXN2E%2B%2FVmVBxqXcH7tXZjwQ1I2CFZ%2FvHfQomXMpossY13oJAfO1SHrIROD6G3%2FB8LAaawulZO3jSWWZ5wJU7DoTKFEDHaG7h3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a92689dc6bb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML