Report - gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack

Report Overview

URL

gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
IP

91.223.82.61

ASN

#199968 Iws Networks LLC
Submitted

2022-12-14T13:20:29Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

49

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
translate.googleapis.com (1)	1005	2012-05-31T09:21:21Z	2023-03-09T07:17:30Z	415	4565	142.250.74.74
r3.o.lencr.org (12)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	4056	10639	23.33.119.27
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2372	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5844	34.160.144.191
ajax.googleapis.com (1)	12905	2013-08-16T11:51:31Z	2023-03-09T07:18:27Z	397	52811	142.250.74.170
fonts.gstatic.com (1)	unknown	2014-09-09T02:40:21Z	2023-03-09T06:38:59Z	503	45805	216.58.207.227
s4.histats.com (1)	12782	2012-05-21T19:14:14Z	2023-03-09T05:19:14Z	640	183	149.56.240.132
s10.histats.com (1)	15211	2012-05-21T19:14:14Z	2023-03-09T05:19:14Z	361	4721	46.105.201.240
downloadlocked.com (1)	127304	2021-10-06T20:17:41Z	2023-03-07T00:29:12Z	365	1274	23.22.126.183
maxcdn.bootstrapcdn.com (1)	724	2014-06-18T02:37:31Z	2023-03-09T07:05:24Z	416	894	104.18.11.207
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-03-09T06:38:15Z	402	746	142.250.74.106
gaminghelper.co (35)	unknown	2021-10-07T06:32:40Z	2022-12-17T11:01:17Z	18032	275567	91.223.82.61
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
i0.wp.com (1)	3021	2013-09-17T08:14:42Z	2023-03-09T05:15:08Z	392	1176	192.0.77.2
is1-ssl.mzstatic.com (1)	1597	2015-02-12T11:39:50Z	2023-03-09T05:15:38Z	506	13425	184.24.44.26
track.enigmacdn.com (2)	unknown	2021-07-17T03:36:30Z	2022-12-17T10:20:46Z	1155	20892	91.223.82.61
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	3246	49728	34.120.237.76
translate.google.com (1)	1156	2012-05-30T03:30:32Z	2023-03-09T05:12:20Z	408	807	142.250.74.46
ocsp.digicert.com (4)	86	2012-05-21T09:02:23Z	2023-03-09T05:22:46Z	1364	2804	93.184.220.29
ocsp.pki.goog (9)	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	3087	6300	142.250.74.131
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	35.86.38.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-14	medium	gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack	Phishing
2022-12-14	medium	gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack	Phishing
2022-12-14	medium	gaminghelper.co/js/jquery.countTo.js	Phishing
2022-12-14	medium	gaminghelper.co/js/fancySelect.js	Phishing
2022-12-14	medium	gaminghelper.co/js/validator.min.js	Phishing
2022-12-14	medium	gaminghelper.co/js/form-scripts.js	Phishing
2022-12-14	medium	gaminghelper.co/js/sticky.js	Phishing
2022-12-14	medium	gaminghelper.co/js/sweetalert2.min.js	Phishing
2022-12-14	medium	gaminghelper.co/js/jquery.magnific-popup.min.js	Phishing
2022-12-14	medium	gaminghelper.co/js/com.js	Phishing
2022-12-14	medium	gaminghelper.co/js/main.js	Phishing
2022-12-14	medium	gaminghelper.co/fonts/bebasneue_bold-webfont.html	Phishing
2022-12-14	medium	gaminghelper.co/fonts/et-line.woff	Phishing
2022-12-14	medium	gaminghelper.co/fonts/bebasneue_regular-webfont.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed
2022-12-14	medium	gaminghelper.co	Sinkholed

HTTP Transactions (84)

URL IP Response Size

gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack

91.223.82.61

301 Moved Permanently

295

URL HTTP/1.1

gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

295
Hash

bdd2f6d5aa730f9f18701400bd9360f2

17d43fd77bff8982da6c324eb47b3f13bd44de8c

db29dabe87455738424a430e5500f329265a4a2a23ffdc53f3ea210e2bf79dce

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /app/431946152/how-to-manage-server-roblox-script-hack-game-hack HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 14 Dec 2022 13:20:17 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

358212db02ecc7c1fa088906bd2dba14

091a0688da9de609d97349215ba9e452dfc346a4

7486e512e4de8172ac07f07f47da3a96dd3ac7cb054b335f3e4929261440e672

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7486E512E4DE8172AC07F07F47DA3A96DD3AC7CB054B335F3E4929261440E672"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4978
Expires: Wed, 14 Dec 2022 14:43:15 GMT
Date: Wed, 14 Dec 2022 13:20:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b642ec5702fb818c5d1c67168cc68fdb

015146489a8e7fcb4ba0ba74cfe757a072705f93

4846d047a23903856bd113d02639ce7e08a1e40030151d302295b2d12df98ffc

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4846D047A23903856BD113D02639CE7E08A1E40030151D302295B2D12DF98FFC"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5598
Expires: Wed, 14 Dec 2022 14:53:36 GMT
Date: Wed, 14 Dec 2022 13:20:18 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

b44c4b5daa307a355e7bab1c83c1ca82

dbd14cd873f1dd4502f277b3f51cb7bc8da0c080

fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 14 Dec 2022 13:08:52 GMT
content-type: application/json
age: 686
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

d29881eeb0456eff8cf415ad2ce64ba0

e3cfdd5f56ff88066257ec8f4726f53e3a733bd3

2cd90072f113163f976ddb8bc7017884efd3f764e7e8961b04e3ba5ec0a17d85

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CD90072F113163F976DDB8BC7017884EFD3F764E7E8961B04E3BA5EC0A17D85"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7314
Expires: Wed, 14 Dec 2022 15:22:12 GMT
Date: Wed, 14 Dec 2022 13:20:18 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: PMaRV5g1/RJLxsVsMkU0kAYdjBV3HEmS/JRt7eB6vdZXTuBBM2AOQ2OldzefLmFiX6FYdCQh5ZA=
x-amz-request-id: D9BRASVD069BV2AT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 14 Dec 2022 12:52:22 GMT
age: 1676
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Wed, 14 Dec 2022 13:20:18 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

693fb7e154d47e4ca00583d356044bcf

5382a15dac0beba4775213c856171a39f8a5f646

06eed5cae42fe2547330cb15920aabb03e3b5016c0c2e8f94284cd605ccbc752

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06EED5CAE42FE2547330CB15920AABB03E3B5016C0C2E8F94284CD605CCBC752"
Last-Modified: Mon, 12 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21597
Expires: Wed, 14 Dec 2022 19:20:15 GMT
Date: Wed, 14 Dec 2022 13:20:18 GMT
Connection: keep-alive

gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack

91.223.82.61

200 OK

20003

URL HTTP/1.1

gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (14923)

Size

20003
Hash

94d17b53e2271b5c8ee9d31c9c3a57d2

58af2bb33446f359b61abecf0e9260f58a1cfe6f

2332bf48b3f4bed1d741a0ad0a77dee6ce0ab4d1fc1b929ebe8a3c69df1e230d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /app/431946152/how-to-manage-server-roblox-script-hack-game-hack HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
X-Powered-By: PHP/8.0.8RC1
Content-Encoding: gzip

gaminghelper.co/css/bootstrap.min.css

91.223.82.61

200 OK

19597

URL HTTP/1.1

gaminghelper.co/css/bootstrap.min.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (65371)

Size

19597
Hash

3f142cfc2d7123b31a1e696e0591f27a

834192dbadf2713cd2ff89f50d7ec2f1d4782e54

3421e2383a7c02f24509d2f1294d3099b658d0773f97706b87b832b0b770c0b6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/bootstrap.min.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:17 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c104-1d9bb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/animate.css

91.223.82.61

200 OK

4026

URL HTTP/1.1

gaminghelper.co/css/animate.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

4026
Hash

48bc9b81bca18c06ba937cbb880b4cb3

697313edfad185bcca5c7bde18da4a98f93e3adb

b30b4d8565f9af6c8d2cb3839aa09dbccd60ca1a766465d542debade38f45741

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/animate.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:17 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c104-10cbc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/jquery.countTo.js

91.223.82.61

200 OK

1125

URL HTTP/1.1

gaminghelper.co/js/jquery.countTo.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1125
Hash

547f5246e091d19af521dee35588e468

4772f3c1e62865ccbbab04abd39e69510c8f5843

67880d8532d95db3e74b7da985ca2fe7c9d9660e3dd125202cebcda96a2007e2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/jquery.countTo.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b3-eb1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/sweetalert2.min.css

91.223.82.61

200 OK

2737

URL HTTP/1.1

gaminghelper.co/css/sweetalert2.min.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (13987), with no line terminators

Size

2737
Hash

1cfac88a4a8e1bc20b811757fb028b40

10427c064f703342d031411a3310e2a5ef2083bc

53976df2ad3ce0c0f2632bb620bbb02d930a5eb943298170e97189f029a0d70d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/sweetalert2.min.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c106-36a3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/magnific-popup.css

91.223.82.61

200 OK

1994

URL HTTP/1.1

gaminghelper.co/css/magnific-popup.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1994
Hash

c0275239cb960b014d780d8105b44d72

8db83ac790988232549a3740ecf04fc199da1ce8

211b79363793093a7a2f1d342768844e938e88156b62293093185a6500ead1cf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/magnific-popup.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c105-1f0a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/fancySelect.js

91.223.82.61

200 OK

1661

URL HTTP/1.1

gaminghelper.co/js/fancySelect.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1661
Hash

a60791b5b353371813114e815d946494

69d1f371b0ed899641e640b2649c0914302812bd

5d19375a0386f8ea11115e3145c61105cfa1daca00d15ad54b49c84967f518d0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/fancySelect.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-1a7a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/fancySelect.css

91.223.82.61

200 OK

1023

URL HTTP/1.1

gaminghelper.co/css/fancySelect.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1023
Hash

458a1a06f282aa4c457a8b613d6a38e6

b524e1cb32722230e18bc85f414b9a10e43a7e2d

3f41176d4616a36f4325865bb3c0ea652f3616dec60b31bd923df91f600506b2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/fancySelect.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c105-109d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/style.css

91.223.82.61

200 OK

8520

URL HTTP/1.1

gaminghelper.co/css/style.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (1512)

Size

8520
Hash

4d36bdeba8bb00f4ee280771fddfa689

8dfbed7251f5bb010d5fe8f64e0d60abc3e9fd54

08bb84420272831b8755bc5bd2858bf8a486006a9367b670d826ee516262a2c8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/style.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c106-bd7b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

280

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

280
Hash

96179d4e397ed473ae1a704a2834d5af

51be2b07d4bea929565cfa4d0ec34d48185c9702

2ad44134c571bf3742055149ef45418f5e1ee78f034d0f040bde28b3ab8be555

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 419
Cache-Control: max-age=150483
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Etag: "639974c2-118"
Expires: Fri, 16 Dec 2022 07:08:21 GMT
Last-Modified: Wed, 14 Dec 2022 07:01:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

bfb5d3c071cebab21e6ab8647e84b6ba

ebc1553e88dbe512449a31b3cb4c10c659484d7d

cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

210b7a2584ae55362c4b582e325f37f7

5f1982f961f1c5db96bbb66af075bab3cb535963

cb3767debad90cb8a34ce287de194cdb2a4f7146e7b51560fd2e0eb11fbfbc2f

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1034
Cache-Control: max-age=158632
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Etag: "63999230-1d7"
Expires: Fri, 16 Dec 2022 09:24:10 GMT
Last-Modified: Wed, 14 Dec 2022 09:06:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

bfb5d3c071cebab21e6ab8647e84b6ba

ebc1553e88dbe512449a31b3cb4c10c659484d7d

cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

bfb5d3c071cebab21e6ab8647e84b6ba

ebc1553e88dbe512449a31b3cb4c10c659484d7d

cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gaminghelper.co/js/validator.min.js

91.223.82.61

200 OK

2094

URL HTTP/1.1

gaminghelper.co/js/validator.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (5862)

Size

2094
Hash

1ab13fa2eeca5d16de99a1cad839416c

0d0a95bd88d04b02d89e1162dd3ebb20b5543dd8

56b8d7fb44f86809b49d416022455ac170fb0b79d1ab4b6e5192a046e660f667

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/validator.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b9-17a7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/form-scripts.js

91.223.82.61

200 OK

609

URL HTTP/1.1

gaminghelper.co/js/form-scripts.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

609
Hash

4fb85eb3b2f0dd8b8f5953c58236da3e

1c9f6c7a15a3248147e056672ffbf4fdbaed6718

3dd0f5e5567c73519dc3eeb98ba6fef9d2b2982af24544ba3d7bbc684d6bae6c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/form-scripts.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-5bd"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/sticky.js

91.223.82.61

200 OK

URL HTTP/1.1

gaminghelper.co/js/sticky.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/sticky.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Fri, 03 Sep 2021 06:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6131c1b8-0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

gaminghelper.co/js/sweetalert2.min.js

91.223.82.61

200 OK

6538

URL HTTP/1.1

gaminghelper.co/js/sweetalert2.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (20305), with no line terminators

Size

6538
Hash

b238ef007e57c4c8f9447cba68fdb3a2

2d4ca455aca3fcd8ee7ac2e2883cfa89c87bd532

aeafa1e7bb6a973eac2b4f5462844b1c2d64d53eb2e09e75f265e646320f7080

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/sweetalert2.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b9-4f51"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/jquery.magnific-popup.min.js

91.223.82.61

200 OK

7685

URL HTTP/1.1

gaminghelper.co/js/jquery.magnific-popup.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (21014)

Size

7685
Hash

12a9a563724e70a895de0fbd5f7b4ee5

a14c616f532deb9ca2d5fa0de6124d47ea60ab57

f2e1cd5f2953925591288bd1cc3f167bbd392497476119083458e33e9ab87079

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/jquery.magnific-popup.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b6-5297"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/com.js

91.223.82.61

200 OK

3265

URL HTTP/1.1

gaminghelper.co/js/com.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

C source, Unicode text, UTF-8 text, with very long lines (2456)

Size

3265
Hash

ecf323c878106fa274f5e9f3b3a82437

86b15826e8a83c81da7ef264dd8e3ff59ef5c1bf

28babf5e232e3dc0985bab21a28eea25b17bc078bafc92a6ba049eefb1e45720

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/com.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-461a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js

142.250.74.170

200 OK

51711

URL HTTP/2

ajax.googleapis.com/ajax/libs/jqueryui/1.8.13/jquery-ui.min.js
IP

142.250.74.170:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (563)

Size

51711
Hash

d3908721b39ebbeffaf1c917bbda06e8

0f9b6c6bdad9cfc057f3e85f52cc417370959fb9

4ae100977cea8b9965e5d231f3ae655783b4f163c56ee703953aff937525ed37

HTTP Headers

                                        GET /ajax/libs/jqueryui/1.8.13/jquery-ui.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 51711
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Dec 2022 04:06:37 GMT
expires: Tue, 12 Dec 2023 04:06:37 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 206021
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

gaminghelper.co/js/main.js

91.223.82.61

200 OK

15195

URL HTTP/1.1

gaminghelper.co/js/main.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (16162)

Size

15195
Hash

562dc83f2f14b713905fe69a0994e11d

43cd616f9ea8c8c1eb0edccd54a29e2490fcf90a

745ecf708bc71ba73f7071b8a35c3f639ec7f3e05ceb826458a1b6a8fb4fe782

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/main.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b7-a08b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

f340e8485c80338c159be2ac5f8050c5

704f9da662775b15315248a59353c9af39a1ef0e

2197d905b6847b6ae4eb8b90be3edb8ed0e6c809208590d3a59559e8fce99f8e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 14 Dec 2022 13:07:58 GMT
age: 740
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

280
Hash

96179d4e397ed473ae1a704a2834d5af

51be2b07d4bea929565cfa4d0ec34d48185c9702

2ad44134c571bf3742055149ef45418f5e1ee78f034d0f040bde28b3ab8be555

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 419
Cache-Control: max-age=150483
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Etag: "639974c2-118"
Expires: Fri, 16 Dec 2022 07:08:21 GMT
Last-Modified: Wed, 14 Dec 2022 07:01:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

bfb5d3c071cebab21e6ab8647e84b6ba

ebc1553e88dbe512449a31b3cb4c10c659484d7d

cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

bfb5d3c071cebab21e6ab8647e84b6ba

ebc1553e88dbe512449a31b3cb4c10c659484d7d

cf794ab56bfa29d8e47637d68f5c82e4c60b855a8f6b772f344a72c712da3c4d

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

f340e8485c80338c159be2ac5f8050c5

704f9da662775b15315248a59353c9af39a1ef0e

2197d905b6847b6ae4eb8b90be3edb8ed0e6c809208590d3a59559e8fce99f8e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Dec 2022 13:20:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

381cbe1215153e69da5c516cc13965be

09cac4c7d93d0d473de08ed4db88ea7371f0bda3

ef681b448c0265eedb4b065bdc5babfc186da5393a03bddb66d443e42d167035

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF681B448C0265EEDB4B065BDC5BABFC186DA5393A03BDDB66D443E42D167035"
Last-Modified: Mon, 12 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 14 Dec 2022 19:20:18 GMT
Date: Wed, 14 Dec 2022 13:20:18 GMT
Connection: keep-alive

push.services.mozilla.com/

35.86.38.2

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.86.38.2:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gDtDfcF2A658gI+x0zdoEQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Z6M0OK5FjjRgFnb8qZ/ve9sf5KM=

gaminghelper.co/img/robux.png

91.223.82.61

200 OK

14564

URL HTTP/1.1

gaminghelper.co/img/robux.png
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced\012- data

Size

14564
Hash

9c5420a8f8c55be36294fce245595dba

4b9a024b51a475b1b7514a7650ff684ec9323572

44e5a0923e6a0c2157435f215db9d3c2edf95408dfb3d87fa553830f582e24fd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/robux.png HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/431946152/how-to-manage-server-roblox-script-hack-game-hack
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Wed, 14 Dec 2022 13:20:18 GMT
Content-Type: image/png
Content-Length: 14564
Last-Modified: Fri, 03 Sep 2021 06:31:43 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6131c14f-38e4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

8f9c691707bc81e0e5a63035dd910a10

f7af1036ba70134a5af919a0cc30b873c1ef608a

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (20)

#1 JS:Script (size: 41099)

#2 JS:Script (size: 424)

#3 JS:Script (size: 6055)

#4 JS:Script (size: 21143)

#5 JS:Script (size: 3761)

#6 JS:Script (size: 1469)

#7 JS:Script (size: 134)

#8 JS:Script (size: 22015)

#9 JS:Script (size: 11440)

#10 JS:Script (size: 6778)

#11 JS:Script (size: 17946)

#12 JS:Script (size: 84380)

#13 JS:Script (size: 211667)

#14 JS:Script (size: 62256)

#15 JS:Script (size: 51)

#16 JS:Script (size: 20305)

#17 JS:Script (size: 76760)

#18 JS:Script (size: 2799)

#19 JS:Script (size: 536)

#20 JS:Script (size: 0)

HTTP Transactions (84)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers