| go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba | 18.193.146.82 | 302 | 0 B |
URL (HTTP/1.1): go.bonus-wizard.com/c0b04575-a979-459c-aff0-e06efe956dba
IP: 18.193.146.82:0
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c0b04575-a979-459c-aff0-e06efe956dba HTTP/1.1
Host: go.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Mon, 30 Jan 2023 02:58:56 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Pragma: no-cache
Set-Cookie: c0b04575-a979-459c-aff0-e06efe956dba-v4=sf8hFJXb45YYPIE3-YltZxs-0EsuMkYaxeTMkd8Va58; Max-Age=86400; Expires=Tue, 31-Jan-2023 02:58:56 GMT; Domain=go.bonus-wizard.com; Path=/; HttpOnly
cep-v4=YDgd-HTQdLfEZt_9xXuVkRwOqbTHIw203WT6a_uuaRqnC-DHHDbq7eQalCw_q7aWSwOBY2zQmNjrf_iuqqm8uHDnxbm-PevSMejrcKxZ-ULco8h4GyzzwRqBiDDtFD1wr-acX5WJ-jcMiWwkZ-Yn-abrRTpdouqs1lsDwhzABXPssKVFARRZX0OyNOWYaUoYoISYq2V1_wlJSs9duOSrGfEg6Dsb_PZKWeXQiRefh2_38_wY0HbqeQof_V_E8VeFAU_MnRO96PV9fWget3cXUBkHy6goJlIaLs6wjJE5EiPtZYG__X-2GN3rgfUBBpIT1qubq9AlXOhEpqeb_XGJW5v8fSP8nUS5dOILsmCxL1I; Max-Age=86400; Expires=Tue, 31-Jan-2023 02:58:56 GMT; Domain=go.bonus-wizard.com; Path=/; HttpOnly

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): a2104f935c638b4767ca5ae0d738ef23 85c6af15af749be0ceeae6de17c36925b750f166 5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10989
Expires: Mon, 30 Jan 2023 06:02:05 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 81dd5c5cc5b3278876cb44dcb520a60f c0511a59e9eccdcdda98717b87c89c5d59974808 41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16488
Expires: Mon, 30 Jan 2023 07:33:44 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/
IP: 35.241.9.150:0
File type: JSON data, ASCII text, with very long lines (939), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 02:43:11 GMT
content-type: application/json
age: 945
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 302c7548412192add063ad6c8b99cf3b e5d178931a27db036ce8daae302594d3ff7050b8 fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8464
Expires: Mon, 30 Jan 2023 05:20:00 GMT
Date: Mon, 30 Jan 2023 02:58:56 GMT
Connection: keep-alive

| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL (HTTP/2): content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP: 34.160.144.191:0
File type: PEM certificate, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zw6HkeX3CtGfoZfFacAoCZK/tD/3+w8gvuNNgVmhJvBLKTCzKkl5Em+oyB+abj6cmgvqx+mIaUYpuix3MrvzHA==
x-amz-request-id: 9G4S11W9G1V0QJWR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 02:21:37 GMT
age: 2239
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL (HTTP/2): contile.services.mozilla.com/v1/tiles
IP: 34.117.237.239:0
File type: JSON data, ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:56 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

| ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA | 142.250.74.131 | 200 OK | 471 B |
URL (HTTP/1.1): ocsp.pki.goog/s/gts1p5/VCeRmL6wFgA
IP: 142.250.74.131:0
Hashes (MD5 / SHA-1 / SHA-256): 8d79851d64e2b18a56a6263f94488b5a 038034d9c421264f3d9a2fad0a2b74460e894115 9a625b50ed9d0ffb6ca2458cbabd156f36a97ef2ae904f6ebe67d10e8f1165f1
POST /s/gts1p5/VCeRmL6wFgA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:57 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP: 35.241.9.150:0
File type: JSON data, ASCII text, with very long lines (329), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 02:49:04 GMT
age: 593
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 22b9916fc1fafc9bdc9bb37f9eac8a9a 86f640e134a741a0f906a8e3a0f5c6659dd0e394 a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14249
Expires: Mon, 30 Jan 2023 06:56:26 GMT
Date: Mon, 30 Jan 2023 02:58:57 GMT
Connection: keep-alive

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 2c4380697a101b67d9f8edb80bbe917c d031ccb76ff8aeef9f80594b3ac3a7117e1ad05d 92fcb57afd01dbdc56cdd37ff2ebfb8807a286936093b1a863d334a3826aceb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92FCB57AFD01DBDC56CDD37FF2EBFB8807A286936093B1A863D334A3826ACEB3"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20147
Expires: Mon, 30 Jan 2023 08:34:44 GMT
Date: Mon, 30 Jan 2023 02:58:57 GMT
Connection: keep-alive

| my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585 | 139.45.195.8 | 200 OK | 697 B |
URL (HTTP/2): my.rtmark.net/p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585
IP: 139.45.195.8:0
Hashes (MD5 / SHA-1 / SHA-256): 62833658f7fa3cc638d4aa81f7cfbbbd f3cebbc7459ba1a3baee12ef75672c021b58b320 df6f083b006f6a44fd5e363c0378e1fde5f47ebead6630f44bd50ee068208051
GET /p.js?f=sync&lr=1&partner=5d68a9a1b406e9ef0c6faff3b826d9f0cb5d7be526430105f6346889d9465585 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/img/logo.png | 104.21.74.75 | 200 OK | 14 kB |
URL (HTTP/2): www.bonus-wizard.com/en/lionbonus/img/logo.png
IP: 104.21.74.75:0
File type: PNG image data, 209 x 60, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 33c199b773adc4d871ad1e5b7de59a7d 8824747492428d2e093e0c90c6b0eb545ddfab26 ecfaa8e27b7cef92acdfe103f7579cf659ead88c4db07f7c68ec8233957243a1
GET /en/lionbonus/img/logo.png HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/png
content-length: 14428
x-amz-id-2: ReevjmTGAWiU5sareryfvTNuk+7+BclzYlEoJxOw8KcTNu4AhdeoCyUxYe+j6et+6gP/8ueh5JE=
x-amz-request-id: VP86ENF2GKSG5N1Q
last-modified: Fri, 20 Jan 2023 17:16:46 GMT
etag: "33c199b773adc4d871ad1e5b7de59a7d"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqol%2FU%2FfHymaE99IF0fcArlx50qsmIU%2BSkhP%2BGVjyqbOYWxBW8DkkPhcoetpbHkYdOCm8B4Kk%2BmRRSqaa71e%2F65dxL%2FWCkm0Ct%2BEh39zhHJlGs8QBhn6JrgJIni9XWwwzEhoOKIK3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d031c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| push.services.mozilla.com/ | 35.161.4.251 | 101 Switching Protocols | 0 B |
URL (HTTP/1.1): push.services.mozilla.com/
IP: 35.161.4.251:0
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Dgj1911a1RLgkmwHtShWxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aS+q9k4xHp0e+kQwot4Yw+gX39I=

| www.bonus-wizard.com/en/lionbonus/img/fortune-mob.23835c4.webp | 104.21.74.75 | 200 OK | 151 kB |
URL (HTTP/2): www.bonus-wizard.com/en/lionbonus/img/fortune-mob.23835c4.webp
IP: 104.21.74.75:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1248x936, Scaling: [none]x[none], YUV color, decoders should clamp
Size: 151 kB (150694 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 620bfdd7ffce527d2d78597871d35f07 9638d1d9d33e0bfdd87cd1560ff67dd1086b7bdf 078090695afd64c57e28ba01310e99a8b40e81b9e3f8386e53dfbb3d43a6a429
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/img/fortune-mob.23835c4.webp HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/webp
content-length: 150694
x-amz-id-2: Dcmo/FZRZGjKnkBG63S/p2xLi7P7E1AczWzjliLmM1mjEqxMbInsrvNeDJZRxIoyyvLWnDDoaOw=
x-amz-request-id: VP8F53SD1AD9PN2K
last-modified: Fri, 20 Jan 2023 17:16:35 GMT
etag: "620bfdd7ffce527d2d78597871d35f07"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5L9q%2BDpAzgpDcis02webQszrQvofvx7nPNbnBp1Qadu3s9e7VNGgXYU2wq62HDz7OnhAxEndzQHlJ4lNJXUdywOz%2BI33Shks50dx1WD9NT8HorgVVkoaEgcE23Z6SoGoZfP2DXUAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d051c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hashes (MD5 / SHA-1 / SHA-256): db3290a85d0ba4da27406ae9636aa618 4c69da45eddd66a1e26fce5562fc45eda7005309 19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 02:58:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

| www.bonus-wizard.com/en/lionbonus/img/crown.90fc328.svg | 104.21.74.75 | 200 OK | 32 kB |
URL (HTTP/2): www.bonus-wizard.com/en/lionbonus/img/crown.90fc328.svg
IP: 104.21.74.75:0
File type: SVG Scalable Vector Graphics image, ASCII text, with very long lines (1194)
Hashes (MD5 / SHA-1 / SHA-256): f89d6cf2d99fbae9e2fab5f041bec90b 849a277a00d25e12c89b4b73281e9910b2ef4320 162c646cee43ab2c801b6a4549d4dd1ab31e9df80f4adfde1fcdcc80f6dba851
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/img/crown.90fc328.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: /ov3bscfXKoYEG5XCmW0ELM/bR2GrOw4jMxrTpHszo282k2Bbpwl3lDwoKad08SsgooHwKzbxNM=
x-amz-request-id: VP8AX51FKGK0X8D7
last-modified: Fri, 20 Jan 2023 17:16:32 GMT
etag: W/"34148ed378c659af5e87008bc060b78a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mG3wFnZhWWMvIZkkJz%2BnZjcso3xD42Nvjn8zSFYd%2BxgV9b9FzCkrAJXLCApuQZT7r1NX%2B8v%2FzCgEXrYN3vVuUByDG09ufd4UnPomf3N8gsi1xu0jFdvzm9zk0oEmQabYWpnoJp9aiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d041c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/img/fortune.cf5b4d6.png | 104.21.74.75 | 200 OK | 422 kB |
URL (HTTP/2): www.bonus-wizard.com/en/lionbonus/img/fortune.cf5b4d6.png
IP: 104.21.74.75:0
File type: PNG image data, 800 x 600, 8-bit/color RGBA, non-interlaced
Size: 422 kB (421571 bytes)
Hashes (MD5 / SHA-1 / SHA-256): c22cc70f269a1340e87b182d53524386 88e54363bef49cba765118279d73575530143c65 88d71c844bd6ed841ed498e2df774a29f03a721bd2fdfaaa7d84f7e7c00dde62
GET /en/lionbonus/img/fortune.cf5b4d6.png HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/png
content-length: 421571
x-amz-id-2: OE8t6taD4lEbcFYUXUWciHFxPJ+MmW37FnXhLSk6e60EObAye2KrkH6IcdFJ3ixDip+S1Bhjg5E=
x-amz-request-id: VP82HTZKGN3E68GT
last-modified: Fri, 20 Jan 2023 17:16:40 GMT
etag: "c22cc70f269a1340e87b182d53524386"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXRGF41EAKIesVtqgflxkGZu5YBKe6NikJ44HPKWkLRXw7bb70J7u7yGyUCpZ9oiyhDDjIblWT9T6J%2BMER7%2BDsq2Y2YIdNtEEWiBzHXh42KjwpfyvAKii%2BnRsiNEB2DCiN%2FNscMV%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0b1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0, ASN #20940 Akamai International B.V.
Hashes (MD5 / SHA-1 / SHA-256): 3eacbe77ddfe164ae0acb15ddf569eac 0b9a993791355cd1ea96d7420c862cab6f69a902 6c7bd5d9a1bc058ead700f1e29b4fd7322183ed01ff9f5a29b78de6be0c611dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6C7BD5D9A1BC058EAD700F1E29B4FD7322183ED01FF9F5A29B78DE6BE0C611DC"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19675
Expires: Mon, 30 Jan 2023 08:26:53 GMT
Date: Mon, 30 Jan 2023 02:58:58 GMT
Connection: keep-alive

| go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276 | 18.193.146.82 | 200 OK | 3.8 kB |
URL (HTTP/2): go.bonus-wizard.com/d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276
IP: 18.193.146.82:0
File type: ASCII text, with very long lines (1799)
Hashes (MD5 / SHA-1 / SHA-256): 8586b19818a31fad43233e629114eea6 83b194294f6a8cd9d72aaec1ee213a3ed0222375 f81b127ac464059ec83e234a31d3a556c77aac770899bf1c5a3fe2d27b2cd704
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fwww.bonus-wizard.com%2Fen%2Flionbonus%2F%3Faff_id%3D%26ads%3D%26country%3DNorway%26fonte%3DPropeller%26traffic_type%3DPush%26cep%3DGkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk%26lptoken%3D16e0757004a1932536a5&lpt=LionBonus&t=1675047548276 HTTP/1.1
Host: go.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:58 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3827
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| lemouwee.com/zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL: HTTP/2 lemouwee.com/zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest | IP: 139.45.197.251:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4534224&is_mobile=false&domain=www.bonus-wizard.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.bonus-wizard.com
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 02:58:58 GMT
content-length: 0
x-trace-id: 98943b74d7355690db95d9bb6090d47d
access-control-allow-origin: https://www.bonus-wizard.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.bonus-wizard.com/en/lionbonus/css/style.css | 104.21.74.75 | 200 OK | 42 kB |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/css/style.css | IP: 104.21.74.75:0
File type: Unicode text, UTF-8 text, with very long lines (65530), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 5e225f1d344824dd7c37e9796819041e 88743d1977ced2ec8ec1f8e4c136c1a7eb7cb913 a06e4e4e206e5ee5f4594bdcab1a0bcca481d37d5e265162d68cd1b3bfc10a8e
GET /en/lionbonus/css/style.css HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:58 GMT
content-type: text/css
x-amz-id-2: 45fQlNY3GNbTKt4YPaY63+OcxEFnddTuYwAvTNSJb/zMmg8irx7g/JfUI9aVgz0mis7B0TB+Gzw=
x-amz-request-id: VP8E0P71NA4DWEK6
last-modified: Fri, 20 Jan 2023 17:16:49 GMT
etag: W/"b917710df5fee6e4fad7455e783a88e7"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Hd2Ionfehai3D5BkZXrLUHFlb37rhweC1KldAbg%2FF%2BRxExI5HWsOmcbIJqNZkhx52KmG9W2YbC0mcuxlmjVRrE2nGQJ4EMbgcwGfS6pP40cI3pKs1A1F4720P4ukzJzYDfYY26iTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d011c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| forms.aweber.com/form/displays.htm?id=TJwsDKxs7Bys | 151.101.194.137 | 200 OK | 43 B |
URL: HTTP/2 forms.aweber.com/form/displays.htm?id=TJwsDKxs7Bys | IP: 151.101.194.137:0
File type: GIF image data, version 89a, 1 x 1 | Hash (MD5 / SHA-1 / SHA-256): 6d22e4f2d2057c6e8d6fab098e76e80f b80b11203d97fe01c5597ca3be70406ea48f5709 afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /form/displays.htm?id=TJwsDKxs7Bys HTTP/1.1
Host: forms.aweber.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="http://www.aweber.com/w3c/p3p.xml", CP="NOI DSP COR NID IND"
cache-control: No-Cache
content-type: image/gif
pragma: No-Cache
accept-ranges: bytes
date: Mon, 30 Jan 2023 02:58:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1640-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675047538.485198,VS0,VE321
vary: Accept-Encoding
referrer-policy: no-referrer-when-downgrade
content-length: 43
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): f2a0c2c0f25bdd19baf87cbb3a87dcdb bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10635
Expires: Mon, 30 Jan 2023 05:56:14 GMT
Date: Mon, 30 Jan 2023 02:58:59 GMT
Connection: keep-alive
|
|
| www.bonus-wizard.com/en/lionbonus/img/askgamblers-stars.d6f2bf7.svg | 104.21.74.75 | 200 OK | 4.7 kB |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/img/askgamblers-stars.d6f2bf7.svg | IP: 104.21.74.75:0
File type: SVG Scalable Vector Graphics image, ASCII text, with very long lines (461) | Hash (MD5 / SHA-1 / SHA-256): 221959c96785899c5f25eb02ec40828f 115a5034079c76ff3ca3ee093cbf5373ab83ed57 7774dcf4e61b5ea598f1a9c9ac42d289007703036b647dcae9cfb6242946c406
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/img/askgamblers-stars.d6f2bf7.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: rkkejl03o+q5akm1A5/FFv47Er5hPC6sreubTPCcVw/8RLLD0kXgNlW2zXCTGmwQPud0sXB+/4M=
x-amz-request-id: VP84C2RFX9W6D8MJ
last-modified: Fri, 20 Jan 2023 17:16:30 GMT
etag: W/"1fd925306072a46a2a5478a8af617fef"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHnKo2%2FHJCSUlaLjGYHmBLUYrb%2BIYUQTnAJiblXUDPJzydJj7XIkr%2Bu3AdKtRob3m5LOBTXoBnLVJ1vmii6m47rew%2BhOYLwuoLWmBu%2FgymdbSAYwbbc1v76uODqpZxNJWmhPHJ9euw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0d1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 | Hash (MD5 / SHA-1 / SHA-256): 51aa950d5eed7b90cab6632107092edc e4388ced02e5576867e77547496dec1ac2338ef7 588830e5f725e8e56270565e40f817f2658b0ee7c0425d138e5f65a17ff40483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df754eb-70f9-4576-ac48-68a6ae719511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9457
x-amzn-requestid: 7c48e5ca-2128-43da-ba83-fd91568af1ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkBOGHVoAMFQtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6d4-1b850ffd543f51f92dec3894;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: soTFEnYjNcti77h3FpnztwzR7ypv68NbyoI6DxS0NhU412ykFsWAgA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:00:38 GMT
age: 17901
etag: "e4388ced02e5576867e77547496dec1ac2338ef7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg | 34.120.237.76 | 200 OK | 9.2 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 | Hash (MD5 / SHA-1 / SHA-256): 3be81f83687ddb6c93d3ff3c09a9dba2 50a48e737310d3f31840db4301b25927fbcc12c5 e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 20:46:17 GMT
age: 22362
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg | 34.120.237.76 | 200 OK | 8.5 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 | Hash (MD5 / SHA-1 / SHA-256): fe31ee140c2fd62e616c8a1edc9e78bb 7aa5fbdc8156514770ae620e81f1afef1c77890f 799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UNub7Gd4S0ogn5EJhtJVu8q1qML5_4eL2lIPQXiAuXy_q-XiR4s-5w==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:55:21 GMT
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
age: 18218
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg | 34.120.237.76 | 200 OK | 7.7 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 | Hash (MD5 / SHA-1 / SHA-256): 3e04b9eaf7449828136ad59e4c9d69f1 b820be4ed885dcf288eb6460c57e1fa7b1c7c476 df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Wx-qjsrMLYpLmE-8QmpR46BeRySbUGL2Rrr6LqhEQ8jaEEj_6Aj0qg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:52:09 GMT
age: 18410
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png | 34.120.237.76 | 200 OK | 11 kB |
URL: HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 | Hash (MD5 / SHA-1 / SHA-256): bb1a5e0a2bb1cacf87189373c118adf4 079974268f755aa38fb2cb32b8bcb748353c793f 1b0519e6bfca30a31b83d427302f7e22140f5b2da6f13cac37ea9c07abc42676
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f96350b-0dd8-46ee-a270-85f96329b7c9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11095
x-amzn-requestid: dc7c00e2-cd2d-4265-8763-3dd7dbe223ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkFyEhJIAMFjpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6f1-541a17c362e95dfa5e90f58f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: t1IqXPqG23nYmxAPOJFaZhKDD49KD8fREs8L59AGjx-1AzoQOeSO0A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:53:08 GMT
age: 18351
etag: "079974268f755aa38fb2cb32b8bcb748353c793f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 | IP: 104.21.74.75:0
GET /en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5 HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: text/html
x-amz-id-2: 3OSaROUKrkqYOU67okqyuld4WhZ+3XYbzYuPzA/UziGm94SshQbVyTnSCDML6HvbvKj5wxqFIdI=
x-amz-request-id: VP8AR323VYQA5Z2F
last-modified: Tue, 24 Jan 2023 19:56:27 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qk%2FUMoAms9iC6rfoOknHBjPxAL55%2BxKCjHvLGk9aYuHLE5ghBqyibWq3%2Ff3BiIs8IKaiO5KusCTuuOnjNWUtCWzwlitLaJmCuxHxDVdLqSiipzIwxjKMWE2IMDuRcRyb1mK7epxnCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7916f2e34c611c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.bonus-wizard.com/en/lionbonus/js/aw-form.js | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/js/aw-form.js | IP: 104.21.74.75:0
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/js/aw-form.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: EIMVJ/t/dIoHZZ7tcEkNN/ar/LayHZ4tm7Y4Mb2KG7ktQiqW1dRERu228mEzQGBXYjuEfmPl7vQ=
x-amz-request-id: VP80363BMA4NQPBR
last-modified: Fri, 20 Jan 2023 17:16:27 GMT
etag: W/"ecd1152b09d02df2ecc292070ae4cd81"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qF0CUdwwWytTXA3ClEkggK1Xely7DD5Fl66sWxi56TliCpLTnTxA1A9Zx%2Fl6rd61xUmViVvicNtBvFtidRoySpWgNlfRuSFiUWtvhOwHKjKk4lr4WOtmJmtIjoqttm5582ary3ql7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0f1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.bonus-wizard.com/en/lionbonus/img/cup.b346f44.svg | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/img/cup.b346f44.svg | IP: 104.21.74.75:0
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/img/cup.b346f44.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: ZBAxPsXDHA9/PDQOlo8zX1zWpcRaNjx6kai/HsWT6+3ltQFU1yi4nGoEXv5sN1ochHC23sd961A=
x-amz-request-id: VP8FB6240YSHQT55
last-modified: Fri, 20 Jan 2023 17:16:33 GMT
etag: W/"54b7d67206f5a6672af0e1081f274541"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucWQ7mqTmadzczFoNa7%2BXlaF8BAemZz86EPOq2XTSDav1OEF%2FhTFZaHtmqHYnkMrGycz5JhmuIJM9MlpTXHzgYaUQPjPgYvd47b10SavgOnSaYM6NvAUPR%2FYfTzt0uVfCzY%2FolC%2Fzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d0a1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.bonus-wizard.com/en/lionbonus/js/modal-form.js | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/js/modal-form.js | IP: 104.21.74.75:0
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /en/lionbonus/js/modal-form.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: 5cedb5akJIM1pQaWowJ55F3qrciQzfAkW2TUHC6bkLseNvnTDnO8V2pnzpO4YY867ouhwqBnH/U=
x-amz-request-id: VP83FS29TKBDSQAC
last-modified: Fri, 20 Jan 2023 17:16:29 GMT
etag: W/"1846f611f4c1ab491bd2a71643a2874c"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LeFiE1sZ1fLbRIXOVtCjF1%2FFUscOiUTVTTdY17aixRilGtVg%2FaveQ4GMEcek3rmc7PDKGcIgWhYd%2FpSK1ppFzuxmgj1ESP6MO7V%2BmPJN3v3VfaGjN07u1%2BpU%2B6FXPdLzhea817wT8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d111c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/js/fields.js | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/js/fields.js IP: 104.21.74.75:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /en/lionbonus/js/fields.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: tH+jImXLGUvSXwuGH1m2LVwQxNXpKm+6uBSFu1LbNYU3RBWUIBAMDsufq5qVewr1iS0rqUntQ0A=
x-amz-request-id: VP8DNTXWWT5BVAMJ
last-modified: Sat, 21 Jan 2023 08:22:21 GMT
etag: W/"6af7b0794bb395a7027735bfdf3569bb"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTS8YOv%2Fzal33Gwd0KZ0%2Bbw0b7WaIzmMn3iM%2FDcBK%2FYnVJUlNMsq21vaQ491mL3043e4UvvK4f1F6aQ4zCivsDUIqTFWyFZh%2FeiWyed6FX5n9RZ5KKa40HC9VlIXya2rCc28LbrCMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d101c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/js/bonus.js | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/js/bonus.js IP: 104.21.74.75:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /en/lionbonus/js/bonus.js HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: application/javascript
x-amz-id-2: VD+p9CqoUyO8HZH/lwEsaQsNc/xj3Kj712kuqGbSpyRtjV6POVlfmywCFOHuTwuT2VDCq916oqo=
x-amz-request-id: VP8CNA3KXV7N2C10
last-modified: Fri, 20 Jan 2023 17:16:28 GMT
etag: W/"220966047436dc5c95be43ca3fa5dfef"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YsIMpQUFiBzspkDU5bnutu55P%2F3yJVYaJ3%2Bg5xPI18WkPS8ODtu%2FlfvbMUWWkvYEeTIrxoPXQuFFMV809ZlF9meJCRkRpu5db2W9EzTHO%2FdgoDhxOjQuP4nHosijHWllTWQdsQRtQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e59d121c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg IP: 104.21.74.75:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /en/lionbonus/img/wheel.e7e3a06.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: wzjY0j7b4pAOjMJaSOulROP5DvxZ7+rlUxbmDSLoplh4JF8xP/P5Bwdq66xrpvfikExWEDSuc68=
x-amz-request-id: VP8ADA3XC12XA77E
last-modified: Fri, 20 Jan 2023 17:16:48 GMT
etag: W/"5d0fba225e9cb1bdb9bdede535babae2"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHlPahSWaztz2CMnEoJDGi%2Bv9ymWwm7FhoLMJFdSd7BLAtgwogqn3wI4QL64K%2BpliaiiuZSbkwEj7fPlpicAftxacbNcyqQoNY7guPBt5DWYlCP0vlZrA7b95esAGnP%2BaQSUmBMHWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d081c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

| www.bonus-wizard.com/en/lionbonus/img/crown.2a86162.svg | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/img/crown.2a86162.svg IP: 104.21.74.75:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /en/lionbonus/img/crown.2a86162.svg HTTP/1.1
Host: www.bonus-wizard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&ads=&country=Norway&fonte=Propeller&traffic_type=Push&cep=GkTrkbgp1vHLW3b8NLrN_ETpZugYKrkEQQC9vd2mGU462DLX1Bk6airBjyOqmQC-NQ3NnnmlD8N3konSr9TZ2eD8wiqMHy0nqS55KnhWaiV6gScLFuCPAgWv4nUXZSrzwTp7mssuUVzOm-W1zusHeLpZhA88ZPlbz2d2LjG-tTz1n4oQbgFTuWvmH9neOrOX_6W25HWFnYuVWbTaCO1YWOAJmyLcJLf0pnk7o-vmSjRozIKfL7toEJ-OsrWQxKMVINXsSuOM0GYH8tSSEZ1HcojiiYp2iIUzjBmBX8EyIU0-QVze7K9Jajav3CvQzGG91B28iXSjOa-OqLNVhGPuHb2Hj8W6-oMI54YJYZi16Dk&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 02:58:57 GMT
content-type: image/svg+xml
x-amz-id-2: 7IxaO99mIGyOJt96fG92CIyg6xwlJfGYogCAWfJR6kXHL6JCxdx6Nsl4/tuCW3GbzGL9lorlre0=
x-amz-request-id: VP86VQSB4TS8BXCJ
last-modified: Fri, 20 Jan 2023 17:16:32 GMT
etag: W/"cf3ae00893e4b607a201849ff1377960"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYj3Cn%2FYyuH67f8NzlfIytkVl0Hb1piUmtC53DTU6JbsdsdtL0BavZLLNXLNRRJRin1ULqeBYypz%2F3Zpfihp%2FFYKp0xcYlw0X2tTfnGsF4GhXr%2FF4yolscB%2BsKJZfhs%2FCrBO%2BBRNcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7916f2e58d061c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
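Added example, not part of the sandbox report or the tool that produced it: a parser for entries laid out like the ones above (a pipe-delimited summary row, a URL/IP line, an analyzer verdict, then the raw request and response headers), followed by the triage an analyst does on each entry: which files an engine flagged, which of those are loaded as scripts, whether the Cloudflare edge pulled the asset from an S3 origin (the x-amz-* headers), and the affiliate tracking parameters carried in the Referer. The layout rules are inferred from the page; SAMPLE is constructed from two of the page's entries with the header lists shortened and the Referer query trimmed, and the function names are chosen here.

```python
"""Parse sandbox capture entries and derive triage indicators.

Added example; layout rules inferred from the page, SAMPLE constructed from
two of the page's entries (headers shortened, Referer query trimmed)."""
import re
from urllib.parse import parse_qs, urlsplit

SAMPLE = """\
| www.bonus-wizard.com/en/lionbonus/js/modal-form.js | 104.21.74.75 | 200 OK | 0 B |
URL HTTP/2www.bonus-wizard.com/en/lionbonus/js/modal-form.js IP104.21.74.75:0
Analyzer | Verdict | Alert | fortinet | Malware | |
GET /en/lionbonus/js/modal-form.js HTTP/1.1
Host: www.bonus-wizard.com
Referer: https://www.bonus-wizard.com/en/lionbonus/?aff_id=&country=Norway&fonte=Propeller&traffic_type=Push&lptoken=16e0757004a1932536a5
Sec-Fetch-Dest: script
HTTP/2 200 OK
content-type: application/javascript
x-amz-request-id: VP83FS29TKBDSQAC
cf-cache-status: MISS
server: cloudflare
|
|
| www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg | 104.21.74.75 | 200 OK | 0 B |
URL: HTTP/2 www.bonus-wizard.com/en/lionbonus/img/wheel.e7e3a06.svg IP: 104.21.74.75:0
Analyzer | Verdict | Alert
fortinet | Malware |
GET /en/lionbonus/img/wheel.e7e3a06.svg HTTP/1.1
Host: www.bonus-wizard.com
Sec-Fetch-Dest: image
HTTP/2 200 OK
content-type: image/svg+xml
x-amz-request-id: VP8ADA3XC12XA77E
cf-cache-status: MISS
server: cloudflare
"""

ROW_RE = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]+?)\s*\|\s*(?P<size>[^|]+?)\s*\|$")
REQUEST_LINE_RE = re.compile(r"^[A-Z]+ \S+ HTTP/\d")
ANALYZER_HEADER = ("Analyzer", "Verdict", "Alert")
TRACKING_KEYS = ("aff_id", "country", "fonte", "traffic_type", "lptoken")


def _cells(line):
    """Split a pipe-delimited row into stripped cells."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def _headers(lines):
    """Lower-cased header-name -> value map; a repeated name keeps the last value."""
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def _parse_entry(lines):
    m = ROW_RE.match(lines[0])
    if not m:
        raise ValueError("entry does not start with a summary row: " + lines[0])
    entry = m.groupdict()
    entry.update(analyzer=None, verdict=None, alert=None)
    req_idx = next((i for i, l in enumerate(lines) if REQUEST_LINE_RE.match(l)), None)
    if req_idx is None:
        raise ValueError("no request line in entry for " + entry["url"])
    resp_idx = next((i for i in range(req_idx + 1, len(lines)) if lines[i].startswith("HTTP/")), None)
    if resp_idx is None:
        raise ValueError("no status line in entry for " + entry["url"])
    # The analyzer table is either flattened onto one line (header cells followed
    # by the value cells) or laid out as a header line plus a value line.
    for j in range(1, req_idx):
        cells = _cells(lines[j])
        if tuple(cells[:3]) == ANALYZER_HEADER:
            values = cells[3:]
            if not any(values) and j + 1 < req_idx:
                values = _cells(lines[j + 1])
            values = (values + ["", "", ""])[:3]
            entry["analyzer"], entry["verdict"], entry["alert"] = [v or None for v in values]
            break
    entry["method"], entry["path"], _ = lines[req_idx].split(" ", 2)
    entry["status_line"] = lines[resp_idx]
    entry["request_headers"] = _headers(lines[req_idx + 1:resp_idx])
    entry["response_headers"] = _headers(lines[resp_idx + 1:])
    return entry


def parse_capture(text):
    """A new entry starts at every summary row; lone '|' separators and blanks are skipped."""
    entries, block = [], []
    for line in (l.rstrip() for l in text.splitlines()):
        if ROW_RE.match(line) and block:
            entries.append(_parse_entry(block))
            block = []
        if line.strip() and line.strip() != "|":
            block.append(line)
    if block:
        entries.append(_parse_entry(block))
    return entries


def triage(entry):
    """Indicators worth pivoting on for one entry."""
    req, resp = entry["request_headers"], entry["response_headers"]
    ind = {
        "url": entry["url"],
        "ip": entry["ip"],
        "flagged_by": entry["analyzer"] if entry["verdict"] else None,
        "verdict": entry["verdict"],
        "fetch_dest": req.get("sec-fetch-dest"),
        "edge": resp.get("server"),
        # x-amz-* headers on a Cloudflare-fronted response show the CDN pulled
        # the asset from an S3 bucket: that bucket is the origin to hunt for.
        "s3_origin": any(k.startswith("x-amz-") for k in resp),
        "edge_cache": resp.get("cf-cache-status"),
    }
    referer = req.get("referer")
    if referer:
        q = parse_qs(urlsplit(referer).query, keep_blank_values=True)
        ind["tracking"] = {k: q[k][0] for k in TRACKING_KEYS if k in q}
    return ind


def flagged_scripts(text):
    """Flagged entries that the browser loaded as scripts, i.e. the active content to pull and analyse."""
    return [t for t in map(triage, parse_capture(text)) if t["verdict"] and t["fetch_dest"] == "script"]


if __name__ == "__main__":
    for t in map(triage, parse_capture(SAMPLE)):
        print(t)
```

Feed the whole report text to parse_capture to get every entry; flagged_scripts narrows it to the JavaScript files with a verdict, which on this page are the three files under /en/lionbonus/js/ that fortinet tags as Malware, while the SVGs with the same verdict are inert images.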