www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
162.0.212.3308 Permanent Redirect 164 B URL HTTP/1.1 www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
IP 162.0.212.3:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
GET /?utm_source=nigap40&utm_medium=month09&utm_campaign=start HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Date: Tue, 29 Nov 2022 22:54:04 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4962
Expires: Wed, 30 Nov 2022 00:16:46 GMT
Date: Tue, 29 Nov 2022 22:54:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4623
Cache-Control: max-age=132849
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:05 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:48:14 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7142
Expires: Wed, 30 Nov 2022 00:53:07 GMT
Date: Tue, 29 Nov 2022 22:54:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 22:17:55 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2170
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vsTt0x02XWc9gkY1WqwCazELy7tdmEqFJizJwT/J8RmTGgSZFkqvTaDM2HsOrVmeQ5BjNsf1xlc=
x-amz-request-id: X9SBPEJX66TQHYJ5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 22:44:59 GMT
age: 546
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 202bf3dcf089c5f367300f5c63d1b7f5
f08430eac029e68ec0bae132a998e06c08baf3f3
afdcaaa523d29dac4225ab06df096786223546e2f0808e06fce3ad96665c22f0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 12:21:21 GMT
Expires: Sat, 03 Dec 2022 12:21:20 GMT
Etag: "f08430eac029e68ec0bae132a998e06c08baf3f3"
Cache-Control: max-age=307034,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771eec51fbd0b4f7-OSL
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 29 Nov 2022 22:54:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 22:08:56 GMT
cache-control: public,max-age=3600
age: 2709
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2935
Cache-Control: public, max-age=1209600
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:05 GMT
Etag: "638651c0-37"
Last-Modified: Tue, 29 Nov 2022 18:38:56 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.117.16101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.117.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: e6zKxrhG+1zv+ItV9hG+8Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7R80zscFm6N39HojWFISIFzlkFM=
www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
162.0.212.3200 OK 14 kB URL HTTP/2 www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
IP 162.0.212.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10595), with CRLF, LF line terminators
Hash 0cac88ff06345409858cb5a6b854ce7a
a4a51697eb72a531a5ff1029310d8dd645809df5
97142a69508a4b9adff7d2b90e66ee34be195af95720aecf4fa7e71d0b0cddce
GET /?utm_source=nigap40&utm_medium=month09&utm_campaign=start HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/html; charset=UTF-8
content-length: 14257
x-powered-by: PHP/7.2.34
link: <https://www.betips.win/wp-json/>; rel="https://api.w.org/", <https://www.betips.win/wp-json/wp/v2/pages/253>; rel="alternate"; type="application/json", <https://www.betips.win/>; rel=shortlink
etag: "111253-1669760223;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: MISS
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1
162.0.212.3200 OK 11 kB URL HTTP/2 www.betips.win/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1
IP 162.0.212.3:0
File type ASCII text, with very long lines (65371)
Hash 1710b9c078cb7c59f5fe4d719720e1a9
70fa591ae9a1fd68ea9f196c8fb15001b62df479
ff40746d1a9a15f91d1fd6f7c31da764d155939bb0e6ff5372ea6b837de68d3d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 10587
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:08 GMT
last-modified: Wed, 23 Nov 2022 08:55:06 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
162.0.212.3200 OK 12 kB URL HTTP/2 www.betips.win/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 162.0.212.3:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 11616
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:09 GMT
last-modified: Tue, 15 Nov 2022 20:55:07 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
162.0.212.3200 OK 2.7 kB URL HTTP/2 www.betips.win/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP 162.0.212.3:0
File type ASCII text, with very long lines (27709)
Hash 5eb84d09b675a304532945be60f8e07a
647751e708ef62dc0c6afab8263e2d8b60a44d5a
571d3852d648e4d7b21f9a646d30260618fca8dcd6c7c152f6d75c22358e8f9e
GET /wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 2741
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:30:07 GMT
last-modified: Fri, 25 Jun 2021 20:55:05 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-includes/css/classic-themes.min.css?ver=1
162.0.212.3200 OK 217 B URL HTTP/2 www.betips.win/wp-includes/css/classic-themes.min.css?ver=1
IP 162.0.212.3:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 217
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:09 GMT
last-modified: Wed, 02 Nov 2022 20:55:25 GMT
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css?ver=3.2.0.011614
162.0.212.3200 OK 639 B URL HTTP/2 www.betips.win/wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css?ver=3.2.0.011614
IP 162.0.212.3:0
File type ASCII text, with very long lines (3068), with no line terminators
Hash faa03bf8a5d31d9c3fa24f69aabf3698
c64cba05a8ecc88db2390b1842811e05658d11ac
a8fdd390c02ab6ecc4bcf405398a17d0ac1851ffdff8baf0e3dc4acca35d82d1
GET /wp-content/plugins/wpfront-notification-bar/css/wpfront-notification-bar.min.css?ver=3.2.0.011614 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 639
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:30:06 GMT
last-modified: Sun, 16 Jan 2022 09:04:49 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/themes/twentytwentyone/style.css?ver=6.1.1
162.0.212.3200 OK 22 kB URL HTTP/2 www.betips.win/wp-content/themes/twentytwentyone/style.css?ver=6.1.1
IP 162.0.212.3:0
File type Unicode text, UTF-8 text, with very long lines (403)
Hash e15bb956eb07734f77cf7cca1a90d212
f44269e96669eec1fc5fc4ac18df7553517b70e5
65aa7a7b3a8270df7649c104311ec56b194a20529c017131a22d85e23dc349f7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/twentytwentyone/style.css?ver=6.1.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 21900
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:10 GMT
last-modified: Wed, 02 Nov 2022 09:59:18 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/themes/twentytwentyone/style.css?ver=1.0.0
162.0.212.3200 OK 22 kB URL HTTP/2 www.betips.win/wp-content/themes/twentytwentyone/style.css?ver=1.0.0
IP 162.0.212.3:0
File type Unicode text, UTF-8 text, with very long lines (403)
Hash e15bb956eb07734f77cf7cca1a90d212
f44269e96669eec1fc5fc4ac18df7553517b70e5
65aa7a7b3a8270df7649c104311ec56b194a20529c017131a22d85e23dc349f7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/twentytwentyone/style.css?ver=1.0.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 21900
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 22:33:53 GMT
last-modified: Wed, 02 Nov 2022 09:59:18 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
162.0.212.3200 OK 2.0 kB URL HTTP/2 www.betips.win/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
IP 162.0.212.3:0
File type ASCII text, with very long lines (5092), with no line terminators
Hash f13e1637411c99de7b2ffd9f9a0d4556
f7b837efa8147941b89a06978a3a918c1feb90a2
19891fc9eeecce9fef6583a72ccb9f3bc2d213a67b9bc4ae481b69d2e4206ec3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.14 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 2016
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:12 GMT
last-modified: Tue, 20 Jul 2021 20:58:23 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.10.0
162.0.212.3200 OK 3.0 kB URL HTTP/2 www.betips.win/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.10.0
IP 162.0.212.3:0
File type ASCII text, with very long lines (1571)
Hash 7cbb3118b2831c68e99806f3d070b909
c029131435de76e327321c35f6b0ad199171260e
543475d7371b7bb9e0426586994d7fe66f15ac95cf9254e7ec114657dc70e55a
GET /wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.10.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 3014
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:16 GMT
last-modified: Mon, 07 Nov 2022 20:55:40 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.betips.win/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
162.0.212.3200 OK 30 kB URL HTTP/2 www.betips.win/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 162.0.212.3:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 30324
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:16 GMT
last-modified: Wed, 02 Nov 2022 20:55:26 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
162.0.212.3200 OK 4.0 kB URL HTTP/2 www.betips.win/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 162.0.212.3:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 3995
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:18 GMT
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js?ver=3.2.0.011614
162.0.212.3200 OK 1.5 kB URL HTTP/2 www.betips.win/wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js?ver=3.2.0.011614
IP 162.0.212.3:0
File type ASCII text, with very long lines (546)
Hash a1ca7598b833dc03f692ab404ef37af2
e5561a44fd6f3719c50d113e561f2e7f20b2b256
fafeb0b28bc1182610ea064a3c9622db759405d325445f51528e1f2f43d6d1a5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wpfront-notification-bar/js/wpfront-notification-bar.min.js?ver=3.2.0.011614 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 1466
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:18 GMT
last-modified: Sun, 16 Jan 2022 09:04:49 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
162.0.212.3200 OK 4.6 kB URL HTTP/2 www.betips.win/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 162.0.212.3:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 4619
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:21 GMT
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
162.0.212.3200 OK 159 B URL HTTP/2 www.betips.win/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP 162.0.212.3:0
Hash 212f9d380b0584a4437b56d1a7ce4cb5
862c0fdc84ff80b3d445e55c0d345acc4a5e3857
53ce8cfd11aacf965d916f6dd5996d56470606ca27754bf4af1b646a6c3f4f8f
GET /wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 159
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:19 GMT
last-modified: Fri, 25 Jun 2021 20:55:05 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-110059757-1
142.250.74.168200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-110059757-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash df96116a6fc9cfc4d57f914062787cb5
1581f6a79f0bbdb424b854d01a7e89c1aa500635
8870139af0d70d75d086c226f6689450660eb02116efa159992ff7f742564791
GET /gtag/js?id=UA-110059757-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 22:54:06 GMT
expires: Tue, 29 Nov 2022 22:54:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44650
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1
162.0.212.3200 OK 6.4 kB URL HTTP/2 www.betips.win/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1
IP 162.0.212.3:0
File type ASCII text, with very long lines (12198), with CRLF line terminators
Hash 17ba3b5bde2d5c50f406bf7b695883e5
80c58755fb1be23a1608d7c8c59b94167661ce69
d9d6d3ee5f6c1d1d94de42455932e2cdd3a338e16faa17254f31f1312e9f638c
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 6437
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:19 GMT
last-modified: Wed, 23 Nov 2022 08:55:06 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.0.0
162.0.212.3200 OK 1.7 kB URL HTTP/2 www.betips.win/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.0.0
IP 162.0.212.3:0
Hash 7c9d3d98911633cadcf296ba6b177ee3
1ac142f2f004745084c90afeb51585c51fd51d2b
e2ac51eff7c24198ce018e45b2e1ad648c344e3fe4d55c26a08b5429b320a7e8
GET /wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.0.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 1734
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:20 GMT
last-modified: Wed, 02 Nov 2022 09:59:18 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.0.0
162.0.212.3200 OK 483 B URL HTTP/2 www.betips.win/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.0.0
IP 162.0.212.3:0
Hash faf9832786a16e385ee3039997413a50
b0d6d6ef09501bd453ad82b6439c922662c7f443
948eba814bcd0a656a3f17428fee0fb8af234daddfab942b3943a805349e3049
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.0.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 483
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:20 GMT
last-modified: Wed, 02 Nov 2022 09:59:18 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.12.4
162.0.212.3200 OK 3.5 kB URL HTTP/2 www.betips.win/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.12.4
IP 162.0.212.3:0
File type ASCII text, with very long lines (7874)
Hash cd61520ca6e47a72be415a7371cd27e2
d6f8ef266d0f5eb9f8ff24119926cca2975ec165
a6d877f38d2e69a68cae07c058c660a6196c11cf3fa3ab68c3b00f02d9a19878
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.12.4 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: application/javascript
content-length: 3544
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:20 GMT
last-modified: Thu, 17 Nov 2022 20:55:16 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.betips.win/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.0.0
162.0.212.3200 OK 962 B URL HTTP/2 www.betips.win/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.0.0
IP 162.0.212.3:0
Hash f995de76ac47fdf4f7d3f0fc15a60aa3
70114f62052bb22de910c9ba5877f1682d7f0f11
3a4a67744f54e54d45004b8e0e571d29f2e7168236f2d7ce44c9ff0208d60a88
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.0.0 HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: text/css
content-length: 962
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:22 GMT
last-modified: Wed, 02 Nov 2022 09:59:18 GMT
content-encoding: br
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f50fd635895870df33a17fe377a6a038
dd65dfbbc810b095432cfd59f971af04a9e31ab7
ebd9b6c3f67865c297d08802839c940994424000df3bf8a3f1316b8e13666e94
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:54:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:54:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:54:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Tue, 29 Nov 2022 23:38:12 GMT
Date: Tue, 29 Nov 2022 22:54:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f621857774e4b4adda95f58081644859
639165dc66d171b8266f22cd495181427112bc80
341fd33d3d9486079c182d60e21c355244b6597e6e09ba51ecee2e331b38ca2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29e8368b-e5a8-4256-a456-b724e13819e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10068
x-amzn-requestid: 7f386e94-3c17-44a1-a36b-3d0eeff4623d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEQQoAMFihA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-5069acfd038ffb2c124b7bd8;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Bh6VQ3BLEXcZKHFyJxHVGQWVQm-w2s0786t8SQOcHQUaNvSFc1rg-A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
etag: "639165dc66d171b8266f22cd495181427112bc80"
content-type: image/jpeg
age: 3676
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9e135c29a8769eb12ef8c26f99097400
87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d
ce41ff79c382efc54aa2fd3ab64293d2d2b706a7f21585f4bd8bbcd9a3566126
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: e47d10e4-2b60-4998-b5fa-5b145e60aac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgWHgGoAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-5b9710a07b0a59730e73dce4;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OURSF_raDXrHV3-3ScaEdorNpW9ZKSIQjv6WUCQYHhruGz372BU_QA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:58:15 GMT
age: 3352
etag: "87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33ee67e62c49fc8d51f18df313002aac
3d8c927b6945d880f92d4e7a686cad5a9985e8ad
ba6e66e07cd93219926927fd2b468a92b8d02cc9bf1da0b3b9a3c48da160bbdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9670
x-amzn-requestid: d9a529ac-9dc6-4e12-80c5-3250dc97e7bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcFiAoAMF0nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-116ddf09265d51523c3638b3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5BnByLndiK0korBr44MDgK6sgRBPooy2LE_2NjVIQhiTfmAdLupnZw==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:34 GMT
age: 3873
etag: "3d8c927b6945d880f92d4e7a686cad5a9985e8ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e08af5b1d18986e112913c6e69cc8ce6
151b60134a66305bd72dbb3810f67a57720b2af1
555a62d98f4002ad187a6b480d534a1dbe3c64d1f4d17cffad2ab985c10ca462
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7f230eb-6b67-4a80-b973-d8ea78fe73ae.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12853
x-amzn-requestid: 25e4402d-98d0-4c38-a927-397c37724bea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhdpHAuIAMFweQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c57-506672a36959d9ea09ef5155;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gHL2sFE-o1u5kEIUiabbP6u5CXr3ihI4mKiAVkfReyuJuTF5k5ktSg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:17:16 GMT
age: 2211
etag: "151b60134a66305bd72dbb3810f67a57720b2af1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 3462
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8af12b89-c1a0-4a2a-aa29-cd6dea02f435.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8af12b89-c1a0-4a2a-aa29-cd6dea02f435.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd563ab005d968185c8d000e38b88c2
268e6202466941e612ff503835de9091ef4d5b38
272c867dcc37d97f8682e8f3aa11a567a401b4d4d78e890b0eb94a3c77ea5000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8af12b89-c1a0-4a2a-aa29-cd6dea02f435.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8288
x-amzn-requestid: 8b48ce45-1c30-4ea3-8cef-bf3b2e7f106f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEgFcUIAMFkSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1c-20e896a62338c6dc45c1ca2a;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:08 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _lR7GBAOjVmu9IrBxMWa1Y6K_1wp56AqQaxI7xZlpwsF7XWz8RpbzQ==
via: 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:43:56 GMT
age: 4211
etag: "268e6202466941e612ff503835de9091ef4d5b38"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.betips.win/wp-content/uploads/2019/10/cropped-cats-192x192.png
162.0.212.3200 OK 38 kB URL HTTP/2 www.betips.win/wp-content/uploads/2019/10/cropped-cats-192x192.png
IP 162.0.212.3:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 2de3d7ce7034112c3b550629771ecfe2
d71719df7d5ed825b5b0c9ea14660907aa49cc9b
606d7cc019ac458b76a552152a3c8f4f05c5e7422df28179da3fa78eeb35867e
GET /wp-content/uploads/2019/10/cropped-cats-192x192.png HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: image/png
content-length: 37513
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:26 GMT
last-modified: Thu, 24 Oct 2019 04:44:36 GMT
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 29 Nov 2022 22:41:08 GMT
expires: Wed, 30 Nov 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 779
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash c47566c984b255a89ed15f6dc7fdee95
43e4fe49339a5fda98cc2189d8f7d1674b13acab
e77a849fe4cac271f48468112c70bef3a3f9f62b5c371e7b09500a1424abe17b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 12:04:33 GMT
Expires: Sun, 04 Dec 2022 12:04:32 GMT
Etag: "43e4fe49339a5fda98cc2189d8f7d1674b13acab"
Cache-Control: max-age=392424,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771eec5f9eedb4f7-OSL
c1.popads.net/pop.js
185.76.9.22200 OK 9.9 kB IP 185.76.9.22:0
ASN #60068 Datacamp Limited
File type HTML document, ASCII text, with very long lines (1568), with CRLF line terminators
Hash 71ab5d3fd771ded6b5a071e51547c6e0
64591a18d1699d51daf11bc7947199af6f7645e1
ed869284f62fa7d03a89685849c192511642d62ef8e717ee0d6f02e2b2853134
GET /pop.js HTTP/1.1
Host: c1.popads.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: quic="185.76.9.20:443"; ma=2592000; v="44,43,39"
last-modified: Sun, 03 Jul 2022 20:49:14 GMT
etag: W/"62c200ca-7b48"
access-control-allow-origin: *
x-accel-expires: @1670360536
server: CDN77-Turbo
x-77-nzt: AblMCRRfkwb/t7EGAA
x-77-nzt-ray: af585630068dd0dd8f8d86636ddf540a
x-cache: HIT
x-age: 438711
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
6.adsco.re/
104.17.166.186200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://www.betips.win
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 771eec60f9cbb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.betips.win
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d02702fbf638d52897593c90ae3b0fce
a9de1e8bd78b41f6002d6bb9e9a556477539ebf9
d4c72521fe1b119a37d1cebfee005ae39101a01ecbd10d14ad6383958dd3c1b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4C72521FE1B119A37D1CEBFEE005AE39101A01ECBD10D14AD6383958DD3C1B8"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13863
Expires: Wed, 30 Nov 2022 02:45:10 GMT
Date: Tue, 29 Nov 2022 22:54:07 GMT
Connection: keep-alive
region1.google-analytics.com/g/collect?v=2&tid=G-7R4BTC3HXH>m=2oeb90&_p=1476760578&cid=733510095.1669762446&ul=en-us&sr=1280x1024&_s=1&sid=1669762446&sct=1&seg=0&dl=https%3A%2F%2Fwww.betips.win%2F%3Futm_source%3Dnigap40%26utm_medium%3Dmonth09%26utm_campaign%3Dstart&dt=DAILY%20FREE%20BETTING%20TIPS%20%E2%80%94%20GET%20SURE%20WIN%20FROM%20BETIPS.WIN&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-7R4BTC3HXH>m=2oeb90&_p=1476760578&cid=733510095.1669762446&ul=en-us&sr=1280x1024&_s=1&sid=1669762446&sct=1&seg=0&dl=https%3A%2F%2Fwww.betips.win%2F%3Futm_source%3Dnigap40%26utm_medium%3Dmonth09%26utm_campaign%3Dstart&dt=DAILY%20FREE%20BETTING%20TIPS%20%E2%80%94%20GET%20SURE%20WIN%20FROM%20BETIPS.WIN&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7R4BTC3HXH>m=2oeb90&_p=1476760578&cid=733510095.1669762446&ul=en-us&sr=1280x1024&_s=1&sid=1669762446&sct=1&seg=0&dl=https%3A%2F%2Fwww.betips.win%2F%3Futm_source%3Dnigap40%26utm_medium%3Dmonth09%26utm_campaign%3Dstart&dt=DAILY%20FREE%20BETTING%20TIPS%20%E2%80%94%20GET%20SURE%20WIN%20FROM%20BETIPS.WIN&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.betips.win
date: Tue, 29 Nov 2022 22:54:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.betips.win/wp-content/uploads/2019/10/cropped-cats-32x32.png
162.0.212.3200 OK 2.7 kB URL HTTP/2 www.betips.win/wp-content/uploads/2019/10/cropped-cats-32x32.png
IP 162.0.212.3:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 8e8b08eacfd4f99cff96e587c25576be
9d7591bd6e070669593c306027a054bd7bbec978
d46d25bd31b49c5f782f63d036d348e3ec0eda26216a8def28d25d5b3cb354a1
GET /wp-content/uploads/2019/10/cropped-cats-32x32.png HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: image/png
content-length: 2716
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 22:54:07 GMT
last-modified: Thu, 24 Oct 2019 04:44:37 GMT
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5d950b70d3b1532276ed817249b72618
dca7faf727b8afdd481c8f8bcc3e9129fdadadc3
afe3fbe5f269179e18a66ca806664b7f96b903150b364129e2f2b30087198e34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&gjid=93966568&_gid=531111828.1669762446&_u=YADAAUAAAAAAACAAI~&z=94221184
74.125.131.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&gjid=93966568&_gid=531111828.1669762446&_u=YADAAUAAAAAAACAAI~&z=94221184
IP 74.125.131.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&gjid=93966568&_gid=531111828.1669762446&_u=YADAAUAAAAAAACAAI~&z=94221184 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.betips.win
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 29 Nov 2022 22:54:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash b503bbc199c858fef47b115224779745
43de09bad113104e018e98b35682e9d67af8689e
696c3a7dee60f179fab62f4cbaeb8ea28869158bcb4bd163ae9134af68d0035d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 05:03:54 GMT
Expires: Sun, 04 Dec 2022 05:03:53 GMT
Etag: "43de09bad113104e018e98b35682e9d67af8689e"
Cache-Control: max-age=367185,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771eec634b08b4f7-OSL
www.betips.win/wp-content/uploads/2022/11/WhatsApp-Image-2022-11-29-at-01.01.27-300x300.jpeg
162.0.212.3200 OK 21 kB URL HTTP/2 www.betips.win/wp-content/uploads/2022/11/WhatsApp-Image-2022-11-29-at-01.01.27-300x300.jpeg
IP 162.0.212.3:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash 7c573e4a45b91695b590fbbf796c7d58
294c6d47e1602e9cd2d1199f9b105ee9931578aa
41e11c64cfb3eca67131ed9ce407c84265f75a0134f955ec0c50fdd8eb1708ef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/11/WhatsApp-Image-2022-11-29-at-01.01.27-300x300.jpeg HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: image/jpeg
content-length: 20987
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 22:54:07 GMT
last-modified: Mon, 28 Nov 2022 22:07:33 GMT
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
w7rbnctwumah.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 w7rbnctwumah.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: w7rbnctwumah.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:07 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
adsco.re/p
162.252.214.5200 OK 171 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 71868d4e2bffae6be0b1cc69ef2e7205
8fb6e7b361392eaa31b228ad2455d4c1e1e33c72
0e4541fe49536eaf91ecb9836069a82dfd32d5661e110f0307988285615f9858
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1971
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://www.betips.win
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 834e4f5c8bf72b88408f61fc40f5edc7
ada1bc866cba0ab19d9650c9a846f50d8118cbba
9d7e02cd4efeabab4225d9a9f52dda11bbe5ad691dee225306d99fc1912c4aad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D7E02CD4EFEABAB4225D9A9F52DDA11BBE5AD691DEE225306D99FC1912C4AAD"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10604
Expires: Wed, 30 Nov 2022 01:50:52 GMT
Date: Tue, 29 Nov 2022 22:54:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3402a11f28d369c1ad537c8e44ba5568
17c9fc852ca71dc4d46f786537adda4ee0e9a3ef
dd142866516f3293fab9f67f092d37b70c39fc58512734c8e88dab5c5faf7264
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:54:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-110059757-1&cid=733510095.1669762446&jid=979081368&_u=YADAAUAAAAAAACAAI~&z=360375784 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 29 Nov 2022 22:54:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 798c6088f000b3a2464e23a92271c24d
2a53b3d3bd4a9104c79595f664276db5b32b9bad
dcccfc9bb4da634286d08301fcf23be3ae26bb429b35349fb72dde530fdb3ae4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash abd55ecd24d357a9f02612558f723a90
6a1e6963864f0b53ddc6205d35225e6cf0bcbeec
195fa531e0462be58d5c62ebbe6060e147c94bdb1d38ff46c341c74e0ab2671a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 29 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.kagwirawo.co.ug/assets/images/kagwirawo-728x90.gif
154.0.130.22200 OK 30 kB URL HTTP/1.1 cdn.kagwirawo.co.ug/assets/images/kagwirawo-728x90.gif
IP 154.0.130.22:0
ASN #37063 Roke Investments International
File type GIF image data, version 89a, 728 x 90\012- data
Hash c4b9358d6ef02fefee8e966edd3beeeb
905e63c2e38de2fd0d1865955be01d10f9861f2f
a4c0ccff4745fcf14c3a56afed55c4d4ca4b4f018b4506dc49f4e948b843bc4b
GET /assets/images/kagwirawo-728x90.gif HTTP/1.1
Host: cdn.kagwirawo.co.ug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:56:16 GMT
Server: Apache/2.4.23 (Linux/SUSE)
Last-Modified: Tue, 22 Nov 2022 13:29:35 GMT
ETag: "743e-5ee0f29b803d3"
Accept-Ranges: bytes
Content-Length: 29758
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif
w7rbnctwumah.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 w7rbnctwumah.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: w7rbnctwumah.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.betips.win
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:08 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash b1b5a42f21fc303bc81e08bb83ff927c
838ba9c3b2200f37fea0a5d22c0df71bb73f16b5
6f591a65cc70ffef7e6610de10c36db186f275903027cb1b88a4a886a835de65
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 29 Nov 2022 22:54:08 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 04:03:54 GMT
Expires: Sun, 04 Dec 2022 04:03:53 GMT
Etag: "838ba9c3b2200f37fea0a5d22c0df71bb73f16b5"
Cache-Control: max-age=363584,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 771eec670faab4f7-OSL
serve.popads.net/c?_=BAYAY4aNkAFjho2QgAGBAsAAIIDPGFv80qavdSupKy88H8yVx0jERBhNvLBoRV2dtZW1wQBIMEYCIQDj4P0dGhZzf_BVZSuxaPFbymd3m8dD2P__YBegxXSGzwIhAOVmrBHUg-uxHQm-vhHnNIyrMk2X4jRswBeh2zxLsap6&v=4&siteId=2807472&minBid=1&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,1024,1,1280,1024,0
216.21.13.11200 OK 44 B URL HTTP/1.1 serve.popads.net/c?_=BAYAY4aNkAFjho2QgAGBAsAAIIDPGFv80qavdSupKy88H8yVx0jERBhNvLBoRV2dtZW1wQBIMEYCIQDj4P0dGhZzf_BVZSuxaPFbymd3m8dD2P__YBegxXSGzwIhAOVmrBHUg-uxHQm-vhHnNIyrMk2X4jRswBeh2zxLsap6&v=4&siteId=2807472&minBid=1&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,1024,1,1280,1024,0
IP 216.21.13.11:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /c?_=BAYAY4aNkAFjho2QgAGBAsAAIIDPGFv80qavdSupKy88H8yVx0jERBhNvLBoRV2dtZW1wQBIMEYCIQDj4P0dGhZzf_BVZSuxaPFbymd3m8dD2P__YBegxXSGzwIhAOVmrBHUg-uxHQm-vhHnNIyrMk2X4jRswBeh2zxLsap6&v=4&siteId=2807472&minBid=1&popundersPerIP=0,0&blockedCountries=&documentRef=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: serve.popads.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Tue, 29 Nov 2022 22:54:08 GMT
www.betips.win/wp-content/uploads/2022/11/betwinner.jpg
162.0.212.3200 OK 0 B URL HTTP/2 www.betips.win/wp-content/uploads/2022/11/betwinner.jpg
IP 162.0.212.3:0
GET /wp-content/uploads/2022/11/betwinner.jpg HTTP/1.1
Host: www.betips.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/?utm_source=nigap40&utm_medium=month09&utm_campaign=start
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:06 GMT
content-type: image/jpeg
content-length: 47265
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 21:43:21 GMT
last-modified: Tue, 15 Nov 2022 17:38:15 GMT
x-turbo-charged-by: LiteSpeed
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
c.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.betips.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 29 Nov 2022 22:54:07 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Fri, 30 Dec 2022 22:54:07 GMT
etag: W/"n/ARilLrRVDeZNVpaPOsXg=="
cf-cache-status: HIT
age: 887697
vary: Accept-Encoding
server: cloudflare
cf-ray: 771eec5feee6b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2