Report - go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba

Report Overview

Submitted URL
go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba
IP
18.193.146.82
ASN
#16509 AMAZON-02
Submitted
2023-01-30 02:59:07
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	443 B	1.2 kB	139.45.195.8
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.161.4.251
www.bonus-wizard.com	unknown	2021-02-06T08:30:30Z	2023-03-09T17:53:46Z	12 kB	677 kB	104.21.74.75
lemouwee.com	176393	2021-03-12T14:42:34Z	2023-03-10T09:59:08Z	537 B	400 B	139.45.197.251
forms.aweber.com	41765	2013-12-03T17:20:03Z	2023-03-13T09:03:14Z	411 B	492 B	151.101.194.137
go.bonus-wizard.com	unknown	2021-02-11T15:52:38Z	2023-03-09T01:04:04Z	1.3 kB	5.6 kB	18.193.146.82
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.8 kB	5.6 kB	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	51 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/fortune-mob.23835c4.webp	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/crown.90fc328.svg	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/askgamblers-stars.d6f2bf7.svg	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/js/aw-form.js	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/cup.b346f44.svg	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/js/modal-form.js	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/js/fields.js	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/js/bonus.js	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg	Malware
2023-01-30	medium	www.bonus-wizard.com/en/lionbonus/img/crown.2a86162.svg	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5	102 B	2023-03-13	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:57:01 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 009e7e777043cd95433b96f0b9c45b6d e23c3824fb27d1bd9bea5a84ddd4a9780e953410 41571e94a515264aaa987f8a4e0fc0d4e2f7c3d79945d62c038092ad670e83af Loading...

	www.bonus-wizard.com/en/lionbonus/js/modal-form.js	663 B	2023-03-13	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/js/modal-form.js IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:13 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 1846f611f4c1ab491bd2a71643a2874c 257b3dc237e5b876b2301c134329ded4357cb751 55d182f89dd01f4e206a000c05c7e7b02a6d39d1d5cab95e7661714496e6fe42 Loading...

	www.bonus-wizard.com/en/lionbonus/js/bonus.js	1.2 kB	2023-03-12	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/js/bonus.js IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:25:50 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 220966047436dc5c95be43ca3fa5dfef f91f8f40e8a52ed71a43bbf34b416b041a49f769 715f97a51eca70d8479687934bc5c1f171a66c36b570245eb0443e93166e2d79 Loading...

	www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5	1.3 kB	2023-03-12	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:25:50 Last Seen2023-03-13 11:57:01 Times Seen1 Hash dd6b2265e4e05cfe144e45517e4acb78 07200508338d6030eb1c87c8a16b76c0fe30f9e7 359984188860f71a7a86f1065e5b9e27c301aa67748845a9ac6ee44115fc8559 Loading...

	lemouwee.com/pfe/current/micro.tag.min.js?z=4534224&sw=/sw-check-permissions-eb8dd.js	41 kB	2023-03-13	2023-03-13
Pretty URL lemouwee.com/pfe/current/micro.tag.min.js?z=4534224&sw=/sw-check-permissions-eb8dd.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:25:20 Last Seen2023-03-13 18:55:01 Times Seen1 Hash 386a139211798e88764a8940c90f14b6 1c907137bc8a9f215fbc16f2a1889393bd444f57 80df95d65ab59bdffb81e65828d0fff10ed685bd8666f1666ccc1c88355e702b Loading...

	go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276	3.8 kB	2023-03-13	2023-03-13
Pretty URL go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276 IP 18.193.146.82 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 11:57:01 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 8586b19818a31fad43233e629114eea6 83b194294f6a8cd9d72aaec1ee213a3ed0222375 f81b127ac464059ec83e234a31d3a556c77aac770899bf1c5a3fe2d27b2cd704 Loading...

	www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5	482 B	2023-03-13	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:13 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 6e98ff9a925d2cfeb99baceb96d850a2 8a09abffc8d5c9a980e066c2a704ee3f00254b68 0f95f2d1b284f26a2c9859225efa3ae9e6f52673eaf14c94ca4d16a407c98bc2 Loading...

	www.bonus-wizard.com/en/lionbonus/js/aw-form.js	1.6 kB	2023-03-12	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/js/aw-form.js IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:25:50 Last Seen2023-03-13 11:57:01 Times Seen1 Hash ecd1152b09d02df2ecc292070ae4cd81 d38e6e2e0d791fab775c6d833419efebf082742a f0c0267eec6f724c1b073975d55e6539cd628a068ffa66caa75fa0606ca99e70 Loading...

	www.bonus-wizard.com/en/lionbonus/js/fields.js	1.3 kB	2023-03-13	2023-03-13
Pretty URL www.bonus-wizard.com/en/lionbonus/js/fields.js IP 104.21.74.75 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:51:13 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 6af7b0794bb395a7027735bfdf3569bb 3f376ef9edd408cd26a39fd2594518b1ddec406d 37f2c2963731458ec637303921864f5e97330ce61c71677ded1170089ef16bd4 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585	697 B	2023-03-12	2023-03-13
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:25:50 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 62833658f7fa3cc638d4aa81f7cfbbbd f3cebbc7459ba1a3baee12ef75672c021b58b320 df6f083b006f6a44fd5e363c0378e1fde5f47ebead6630f44bd50ee068208051 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5b63ba62ee6b6cb44090e21db8400c80	79 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 11:57:01 Last Seen2023-03-13 11:57:01 Times Seen1 Hash 5b63ba62ee6b6cb44090e21db8400c80 08393243cd99d1e281da976b44cd9cdf4c5588e4 b300946cbfd0d1acb0d73bef01acc42330cd185e9e82b13345cbd55f00476dff Loading...

HTTP Transactions (47)

URL IP Response Size

go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba

18.193.146.82

302

0 B

URL HTTP/1.1
go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba
IP
18.193.146.82:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c0b04575-a979-459c-aff0-e06efe956dba HTTP/1.1
Host: go.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Mon, 30 Jan 2023 02:58:56 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Pragma: no-cache
Set-Cookie: c0b04575-a979-459c-aff0-e06efe956dba-v4=sf8hFJXb45YYPIE3-YltZxs-0EsuMkYaxeTMkd8Va58; Max-Age=86400; Expires=Tue, 31-Jan-2023 02:58:56 GMT; Domain=go.bonus-wizard.com; Path=/; HttpOnly
cep-v4=YDgd-HTQdLfEZt_9xXuVkRwOqbTHIw203WT6a_uuaRqnC-DHHDbq7eQalCw_q7aWSwOBY2zQmNjrf_iuqqm8uHDnxbm-PevSMejrcKxZ-ULco8h4GyzzwRqBiDDtFD1wr-acX5WJ-jcMiWwkZ-Yn-abrRTpdouqs1lsDwhzABXPssKVFARRZX0OyNOWYaUoYoISYq2V1_wlJSs9duOSrGfEg6Dsb_PZKWeXQiRefh2_38_wY0HbqeQof_V_E8VeFAU_MnRO96PV9fWget3cXUBkHy6goJlIaLs6wjJE5EiPtZYG__X-2GN3rgfUBBpIT1qubq9AlXOhEpqeb_XGJW5v8fSP8nUS5dOILsmCxL1I; Max-Age=86400; Expires=Tue, 31-Jan-2023 02:58:56 GMT; Domain=go.bonus-wizard.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10989
Expires: Mon, 30 Jan 2023 06:02:05 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16488
Expires: Mon, 30 Jan 2023 07:33:44 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 02:43:11 GMT
content-type: application/json
age: 945
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8464
Expires: Mon, 30 Jan 2023 05:20:00 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zw6HkeX3CtGfoZfFacAoCZK/tD/3+w8gvuNNgVmhJvBLKTCzKkl5Em+oyB+abj6cmgvqx+mIaUYpuix3MrvzHA==
x-amz-request-id: 9G4S11W9G1V0QJWR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 02:21:37 GMT
age: 2239
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:56 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8d79851d64e2b18a56a6263f94488b5a
038034d9c421264f3d9a2fad0a2b74460e894115
9a625b50ed9d0ffb6ca2458cbabd156f36a97ef2ae904f6ebe67d10e8f1165f1

HTTP Headers

POST /s/gts1p5/VCeRmL6wFgA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 02:49:04 GMT
age: 593
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8d79851d64e2b18a56a6263f94488b5a
038034d9c421264f3d9a2fad0a2b74460e894115
9a625b50ed9d0ffb6ca2458cbabd156f36a97ef2ae904f6ebe67d10e8f1165f1

HTTP Headers

POST /s/gts1p5/VCeRmL6wFgA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14249
Expires: Mon, 30 Jan 2023 06:56:26 GMT
Date: Mon, 30 Jan 2023 02:58:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2c4380697a101b67d9f8edb80bbe917c
d031ccb76ff8aeef9f80594b3ac3a7117e1ad05d
92fcb57afd01dbdc56cdd37ff2ebfb8807a286936093b1a863d334a3826aceb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92FCB57AFD01DBDC56CDD37FF2EBFB8807A286936093B1A863D334A3826ACEB3"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20147
Expires: Mon, 30 Jan 2023 08:34:44 GMT
Date: Mon, 30 Jan 2023 02:58:57 GMT
Connection: keep-alive

my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
62833658f7fa3cc638d4aa81f7cfbbbd
f3cebbc7459ba1a3baee12ef75672c021b58b320
df6f083b006f6a44fd5e363c0378e1fde5f47ebead6630f44bd50ee068208051

HTTP Headers

GET /p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/img/logo.png

104.21.74.75

200 OK

14 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/logo.png
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 209 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14428 bytes)
Hash
33c199b773adc4d871ad1e5b7de59a7d
8824747492428d2e093e0c90c6b0eb545ddfab26
ecfaa8e27b7cef92acdfe103f7579cf659ead88c4db07f7c68ec8233957243a1

HTTP Headers

GET /en/lionbonus/img/logo.png HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/png
content-length: 14428
x-amz-id-2: ReevjmTGAWiU5sareryfvTNuk+7+BclzYlEoJxOw8KcTNu4AhdeoCyUxYe+j6et+6gP/8ueh5JE=
x-amz-request-id: VP86ENF2GKSG5N1Q
last-modified: Fri, 20 Jan 2023 17:16:46 GMT
etag: "33c199b773adc4d871ad1e5b7de59a7d"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqol%2FU%2FfHymaE99IF0fcArlx50qsmIU%2BSkhP%2BGVjyqbOYWxBW8DkkPhcoetpbHkYdOCm8B4Kk%2BmRRSqaa71e%2F65dxL%2FWCkm0Ct%2BEh39zhHJlGs8QBhn6JrgJIni9XWwwzEhoOKIK3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d031c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.161.4.251

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.4.251:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Dgj1911a1RLgkmwHtShWxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aS+q9k4xHp0e+kQwot4Yw+gX39I=

www.bonus-wizard.com/en/lionbonus/img/fortune-mob.23835c4.webp

104.21.74.75

200 OK

151 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/fortune-mob.23835c4.webp
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1248x936, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
151 kB (150694 bytes)
Hash
620bfdd7ffce527d2d78597871d35f07
9638d1d9d33e0bfdd87cd1560ff67dd1086b7bdf
078090695afd64c57e28ba01310e99a8b40e81b9e3f8386e53dfbb3d43a6a429

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/fortune-mob.23835c4.webp HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/webp
content-length: 150694
x-amz-id-2: Dcmo/FZRZGjKnkBG63S/p2xLi7P7E1AczWzjliLmM1mjEqxMbInsrvNeDJZRxIoyyvLWnDDoaOw=
x-amz-request-id: VP8F53SD1AD9PN2K
last-modified: Fri, 20 Jan 2023 17:16:35 GMT
etag: "620bfdd7ffce527d2d78597871d35f07"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5L9q%2BDpAzgpDcis02webQszrQvofvx7nPNbnBp1Qadu3s9e7VNGgXYU2wq62HDz7OnhAxEndzQHlJ4lNJXUdywOz%2BI33Shks50dx1WD9NT8HorgVVkoaEgcE23Z6SoGoZfP2DXUAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d051c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.bonus-wizard.com/en/lionbonus/img/crown.90fc328.svg

104.21.74.75

200 OK

32 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/crown.90fc328.svg
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1194)
Size
32 kB (31560 bytes)
Hash
f89d6cf2d99fbae9e2fab5f041bec90b
849a277a00d25e12c89b4b73281e9910b2ef4320
162c646cee43ab2c801b6a4549d4dd1ab31e9df80f4adfde1fcdcc80f6dba851

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/crown.90fc328.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: /ov3bscfXKoYEG5XCmW0ELM/bR2GrOw4jMxrTpHszo282k2Bbpwl3lDwoKad08SsgooHwKzbxNM=
x-amz-request-id: VP8AX51FKGK0X8D7
last-modified: Fri, 20 Jan 2023 17:16:32 GMT
etag: W/"34148ed378c659af5e87008bc060b78a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mG3wFnZhWWMvIZkkJz%2BnZjcso3xD42Nvjn8zSFYd%2BxgV9b9FzCkrAJXLCApuQZT7r1NX%2B8v%2FzCgEXrYN3vVuUByDG09ufd4UnPomf3N8gsi1xu0jFdvzm9zk0oEmQabYWpnoJp9aiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d041c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/img/fortune.cf5b4d6.png

104.21.74.75

200 OK

422 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/fortune.cf5b4d6.png
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 800 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size
422 kB (421571 bytes)
Hash
c22cc70f269a1340e87b182d53524386
88e54363bef49cba765118279d73575530143c65
88d71c844bd6ed841ed498e2df774a29f03a721bd2fdfaaa7d84f7e7c00dde62

HTTP Headers

GET /en/lionbonus/img/fortune.cf5b4d6.png HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/png
content-length: 421571
x-amz-id-2: OE8t6taD4lEbcFYUXUWciHFxPJ+MmW37FnXhLSk6e60EObAye2KrkH6IcdFJ3ixDip+S1Bhjg5E=
x-amz-request-id: VP82HTZKGN3E68GT
last-modified: Fri, 20 Jan 2023 17:16:40 GMT
etag: "c22cc70f269a1340e87b182d53524386"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXRGF41EAKIesVtqgflxkGZu5YBKe6NikJ44HPKWkLRXw7bb70J7u7yGyUCpZ9oiyhDDjIblWT9T6J%2BMER7%2BDsq2Y2YIdNtEEWiBzHXh42KjwpfyvAKii%2BnRsiNEB2DCiN%2FNscMV%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0b1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eacbe77ddfe164ae0acb15ddf569eac
0b9a993791355cd1ea96d7420c862cab6f69a902
6c7bd5d9a1bc058ead700f1e29b4fd7322183ed01ff9f5a29b78de6be0c611dc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C7BD5D9A1BC058EAD700F1E29B4FD7322183ED01FF9F5A29B78DE6BE0C611DC"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19675
Expires: Mon, 30 Jan 2023 08:26:53 GMT
Date: Mon, 30 Jan 2023 02:58:58 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276

18.193.146.82

200 OK

3.8 kB

URL HTTP/2
go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276
IP
18.193.146.82:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1799)
Size
3.8 kB (3827 bytes)
Hash
8586b19818a31fad43233e629114eea6
83b194294f6a8cd9d72aaec1ee213a3ed0222375
f81b127ac464059ec83e234a31d3a556c77aac770899bf1c5a3fe2d27b2cd704

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276 HTTP/1.1
Host: go.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:58 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3827
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

lemouwee.com/zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest

139.45.197.251

200 OK

0 B

URL HTTP/2
lemouwee.com/zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest
IP
139.45.197.251:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.bonus-wizard.com
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:58 GMT
content-length: 0
x-trace-id: 98943b74d7355690db95d9bb6090d47d
access-control-allow-origin: https://www.bonus-wizard.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/css/style.css

104.21.74.75

200 OK

42 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/css/style.css
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size
42 kB (41703 bytes)
Hash
5e225f1d344824dd7c37e9796819041e
88743d1977ced2ec8ec1f8e4c136c1a7eb7cb913
a06e4e4e206e5ee5f4594bdcab1a0bcca481d37d5e265162d68cd1b3bfc10a8e

HTTP Headers

GET /en/lionbonus/css/style.css HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:58 GMT
content-type: text/css
x-amz-id-2: 45fQlNY3GNbTKt4YPaY63+OcxEFnddTuYwAvTNSJb/zMmg8irx7g/JfUI9aVgz0mis7B0TB+Gzw=
x-amz-request-id: VP8E0P71NA4DWEK6
last-modified: Fri, 20 Jan 2023 17:16:49 GMT
etag: W/"b917710df5fee6e4fad7455e783a88e7"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Hd2Ionfehai3D5BkZXrLUHFlb37rhweC1KldAbg%2FF%2BRxExI5HWsOmcbIJqNZkhx52KmG9W2YbC0mcuxlmjVRrE2nGQJ4EMbgcwGfS6pP40cI3pKs1A1F4720P4ukzJzYDfYY26iTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d011c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

forms.aweber.com/form/displays.htm?id=TJwsDKxs7Bys

151.101.194.137

200 OK

43 B

URL HTTP/2
forms.aweber.com/form/displays.htm?id=TJwsDKxs7Bys
IP
151.101.194.137:0
ASN
#54113 FASTLY

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

HTTP Headers

GET /form/displays.htm?id=TJwsDKxs7Bys HTTP/1.1
Host: forms.aweber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="http://www.aweber.com/w3c/p3p.xml", CP="NOI DSP COR NID IND"
cache-control: No-Cache
content-type: image/gif
pragma: No-Cache
accept-ranges: bytes
date: Mon, 30 Jan 2023 02:58:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1640-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675047538.485198,VS0,VE321
vary: Accept-Encoding
referrer-policy: no-referrer-when-downgrade
content-length: 43
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10635
Expires: Mon, 30 Jan 2023 05:56:14 GMT
Date: Mon, 30 Jan 2023 02:58:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10635
Expires: Mon, 30 Jan 2023 05:56:14 GMT
Date: Mon, 30 Jan 2023 02:58:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10635
Expires: Mon, 30 Jan 2023 05:56:14 GMT
Date: Mon, 30 Jan 2023 02:58:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10635
Expires: Mon, 30 Jan 2023 05:56:14 GMT
Date: Mon, 30 Jan 2023 02:58:59 GMT
Connection: keep-alive

www.bonus-wizard.com/en/lionbonus/img/askgamblers-stars.d6f2bf7.svg

104.21.74.75

200 OK

4.7 kB

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/askgamblers-stars.d6f2bf7.svg
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (461)
Size
4.7 kB (4719 bytes)
Hash
221959c96785899c5f25eb02ec40828f
115a5034079c76ff3ca3ee093cbf5373ab83ed57
7774dcf4e61b5ea598f1a9c9ac42d289007703036b647dcae9cfb6242946c406

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/askgamblers-stars.d6f2bf7.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: rkkejl03o+q5akm1A5/FFv47Er5hPC6sreubTPCcVw/8RLLD0kXgNlW2zXCTGmwQPud0sXB+/4M=
x-amz-request-id: VP84C2RFX9W6D8MJ
last-modified: Fri, 20 Jan 2023 17:16:30 GMT
etag: W/"1fd925306072a46a2a5478a8af617fef"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHnKo2%2FHJCSUlaLjGYHmBLUYrb%2BIYUQTnAJiblXUDPJzydJj7XIkr%2Bu3AdKtRob3m5LOBTXoBnLVJ1vmii6m47rew%2BhOYLwuoLWmBu%2FgymdbSAYwbbc1v76uODqpZxNJWmhPHJ9euw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0d1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9457 bytes)
Hash
51aa950d5eed7b90cab6632107092edc
e4388ced02e5576867e77547496dec1ac2338ef7
588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: soTFEnYjNcti77h3FpnztwzR7ypv68NbyoI6DxS0NhU412ykFsWAgA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:00:38 GMT
age: 17901
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9167 bytes)
Hash
3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 22362
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8464 bytes)
Hash
fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UNub7Gd4S0ogn5EJhtJVu8q1qML5_4eL2lIPQXiAuXy_q-XiR4s-5w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:55:21 GMT
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
age: 18218
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7679 bytes)
Hash
3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx-qjsrMLYpLmE-8QmpR46BeRySbUGL2Rrr6LqhEQ8jaEEj_6Aj0qg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:52:09 GMT
age: 18410
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11095 bytes)
Hash
bb1a5e0a2bb1cacf87189373c118adf4
079974268f755aa38fb2cb32b8bcb748353c793f
1b0519e6bfca30a31b83d427302f7e22140f5b2da6f13cac37ea9c07abc42676

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11095
x-amzn-requestid: dc7c00e2-cd2d-4265-8763-3dd7dbe223ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkFyEhJIAMFjpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6f1-541a17c362e95dfa5e90f58f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: t1IqXPqG23nYmxAPOJFaZhKDD49KD8fREs8L59AGjx-1AzoQOeSO0A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:08 GMT
age: 18351
etag: "079974268f755aa38fb2cb32b8bcb748353c793f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: text/html
x-amz-id-2: 3OSaROUKrkqYOU67okqyuld4WhZ+3XYbzYuPzA/UziGm94SshQbVyTnSCDML6HvbvKj5wxqFIdI=
x-amz-request-id: VP8AR323VYQA5Z2F
last-modified: Tue, 24 Jan 2023 19:56:27 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qk%2FUMoAms9iC6rfoOknHBjPxAL55%2BxKCjHvLGk9aYuHLE5ghBqyibWq3%2Ff3BiIs8IKaiO5KusCTuuOnjNWUtCWzwlitLaJmCuxHxDVdLqSiipzIwxjKMWE2IMDuRcRyb1mK7epxnCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7916f2e34c611c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/js/aw-form.js

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/js/aw-form.js
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/js/aw-form.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: EIMVJ/t/dIoHZZ7tcEkNN/ar/LayHZ4tm7Y4Mb2KG7ktQiqW1dRERu228mEzQGBXYjuEfmPl7vQ=
x-amz-request-id: VP80363BMA4NQPBR
last-modified: Fri, 20 Jan 2023 17:16:27 GMT
etag: W/"ecd1152b09d02df2ecc292070ae4cd81"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF0CUdwwWytTXA3ClEkggK1Xely7DD5Fl66sWxi56TliCpLTnTxA1A9Zx%2Fl6rd61xUmViVvicNtBvFtidRoySpWgNlfRuSFiUWtvhOwHKjKk4lr4WOtmJmtIjoqttm5582ary3ql7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0f1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/img/cup.b346f44.svg

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/cup.b346f44.svg
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/cup.b346f44.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: ZBAxPsXDHA9/PDQOlo8zX1zWpcRaNjx6kai/HsWT6+3ltQFU1yi4nGoEXv5sN1ochHC23sd961A=
x-amz-request-id: VP8FB6240YSHQT55
last-modified: Fri, 20 Jan 2023 17:16:33 GMT
etag: W/"54b7d67206f5a6672af0e1081f274541"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucWQ7mqTmadzczFoNa7%2BXlaF8BAemZz86EPOq2XTSDav1OEF%2FhTFZaHtmqHYnkMrGycz5JhmuIJM9MlpTXHzgYaUQPjPgYvd47b10SavgOnSaYM6NvAUPR%2FYfTzt0uVfCzY%2FolC%2Fzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0a1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/js/modal-form.js

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/js/modal-form.js
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/js/modal-form.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: 5cedb5akJIM1pQaWowJ55F3qrciQzfAkW2TUHC6bkLseNvnTDnO8V2pnzpO4YY867ouhwqBnH/U=
x-amz-request-id: VP83FS29TKBDSQAC
last-modified: Fri, 20 Jan 2023 17:16:29 GMT
etag: W/"1846f611f4c1ab491bd2a71643a2874c"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LeFiE1sZ1fLbRIXOVtCjF1%2FFUscOiUTVTTdY17aixRilGtVg%2FaveQ4GMEcek3rmc7PDKGcIgWhYd%2FpSK1ppFzuxmgj1ESP6MO7V%2BmPJN3v3VfaGjN07u1%2BpU%2B6FXPdLzhea817wT8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d111c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/js/fields.js

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/js/fields.js
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/js/fields.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: tH+jImXLGUvSXwuGH1m2LVwQxNXpKm+6uBSFu1LbNYU3RBWUIBAMDsufq5qVewr1iS0rqUntQ0A=
x-amz-request-id: VP8DNTXWWT5BVAMJ
last-modified: Sat, 21 Jan 2023 08:22:21 GMT
etag: W/"6af7b0794bb395a7027735bfdf3569bb"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTS8YOv%2Fzal33Gwd0KZ0%2Bbw0b7WaIzmMn3iM%2FDcBK%2FYnVJUlNMsq21vaQ491mL3043e4UvvK4f1F6aQ4zCivsDUIqTFWyFZh%2FeiWyed6FX5n9RZ5KKa40HC9VlIXya2rCc28LbrCMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d101c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/js/bonus.js

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/js/bonus.js
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/js/bonus.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: VD+p9CqoUyO8HZH/lwEsaQsNc/xj3Kj712kuqGbSpyRtjV6POVlfmywCFOHuTwuT2VDCq916oqo=
x-amz-request-id: VP8CNA3KXV7N2C10
last-modified: Fri, 20 Jan 2023 17:16:28 GMT
etag: W/"220966047436dc5c95be43ca3fa5dfef"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YsIMpQUFiBzspkDU5bnutu55P%2F3yJVYaJ3%2Bg5xPI18WkPS8ODtu%2FlfvbMUWWkvYEeTIrxoPXQuFFMV809ZlF9meJCRkRpu5db2W9EzTHO%2FdgoDhxOjQuP4nHosijHWllTWQdsQRtQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d121c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/wheel.e7e3a06.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: wzjY0j7b4pAOjMJaSOulROP5DvxZ7+rlUxbmDSLoplh4JF8xP/P5Bwdq66xrpvfikExWEDSuc68=
x-amz-request-id: VP8ADA3XC12XA77E
last-modified: Fri, 20 Jan 2023 17:16:48 GMT
etag: W/"5d0fba225e9cb1bdb9bdede535babae2"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHlPahSWaztz2CMnEoJDGi%2Bv9ymWwm7FhoLMJFdSd7BLAtgwogqn3wI4QL64K%2BpliaiiuZSbkwEj7fPlpicAftxacbNcyqQoNY7guPBt5DWYlCP0vlZrA7b95esAGnP%2BaQSUmBMHWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d081c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bonus-wizard.com/en/lionbonus/img/crown.2a86162.svg

104.21.74.75

200 OK

0 B

URL HTTP/2
www.bonus-wizard.com/en/lionbonus/img/crown.2a86162.svg
IP
104.21.74.75:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /en/lionbonus/img/crown.2a86162.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: 7IxaO99mIGyOJt96fG92CIyg6xwlJfGYogCAWfJR6kXHL6JCxdx6Nsl4/tuCW3GbzGL9lorlre0=
x-amz-request-id: VP86VQSB4TS8BXCJ
last-modified: Fri, 20 Jan 2023 17:16:32 GMT
etag: W/"cf3ae00893e4b607a201849ff1377960"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYj3Cn%2FYyuH67f8NzlfIytkVl0Hb1piUmtC53DTU6JbsdsdtL0BavZLLNXLNRRJRin1ULqeBYypz%2F3Zpfihp%2FFYKp0xcYlw0X2tTfnGsF4GhXr%2FF4yolscB%2BsKJZfhs%2FCrBO%2BBRNcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d061c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML