Report - abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/

Report Overview

URL

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
IP

172.67.201.216

ASN

#13335 CLOUDFLARENET
Submitted

2022-12-19T04:03:35Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

25

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
my.rtmark.net (1)	9054	2015-02-04T10:54:57Z	2023-03-09T10:18:28Z	464	1228	139.45.195.8
lemouwee.com (1)	176393	2021-03-12T14:42:34Z	2023-03-09T12:51:13Z	365	14277	139.45.197.251
cdn-go.net (1)	unknown	2022-12-09T06:39:12Z	2023-01-17T12:45:04Z	424	2961	188.114.96.1
ocsp.digicert.com (1)	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	341	797	93.184.220.29
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3246	64465	34.120.237.76
r3.o.lencr.org (9)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3042	7976	95.101.11.115
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2374	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5856	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
code.jquery.com (1)	634	2012-05-21T19:28:02Z	2023-03-09T05:11:44Z	452	31452	69.16.175.42
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	35.163.1.35
abcghi123jq456df--loading.sqrkifnsmp4y.xyz (25)	unknown	2022-08-08T15:08:08Z	2023-02-25T08:07:50Z	10525	871451	104.21.93.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed
2022-12-19	medium	sqrkifnsmp4y.xyz	Sinkholed

JavaScript (9)

HTTP Transactions (50)

URL IP Response Size

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/

104.21.93.4

200 OK

3446

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1047)

Size

3446
Hash

f637d9ded5d6facbe223845a400efed8

55de350076e006800f42f1a2fee8c3fd14feb72c

3a8d7b71eeb2d249e7c400bd971aced8aca47540ddfa406b4242c2c8551aa8a0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/ HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gdro145%2F74h9pbvOnO7xC88RYO8Rn9FDC1HQSd6sqCxmhbFYsH56RQ27ofXBtH%2FwCbkvvY0WLvHeK%2FQSLnqDDTgqq4KoeOG13TZGk3TRQ3RmR6rjrxLDLBsd3pIBmibANVokGuyAqx1DbeeimeeX%2F08pfkjBaJeyOGDVPN8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f8b2d2a0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4cbb89840b57466fcbc0b31305c9dc47

c2c08a7a243a3f7972e8068c448488cac6d2519f

5f871ffd142470f132fed1c93f5f1a7fe6a5ecc3b4311d3d47555fce1d9a35f1

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F871FFD142470F132FED1C93F5F1A7FE6A5ECC3B4311D3D47555FCE1D9A35F1"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2163
Expires: Mon, 19 Dec 2022 04:39:27 GMT
Date: Mon, 19 Dec 2022 04:03:24 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

460af93786e1eaa666f135e6c3fdc634

bc8aeba36225c79718f5de73d79928fe817c5490

471f4e7ae29bcf6ba1f749c0f5d4ab446cebfac5aa80c3e19c6edf21be456eb5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "471F4E7AE29BCF6BA1F749C0F5D4AB446CEBFAC5AA80C3E19C6EDF21BE456EB5"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12565
Expires: Mon, 19 Dec 2022 07:32:49 GMT
Date: Mon, 19 Dec 2022 04:03:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

b44c4b5daa307a355e7bab1c83c1ca82

dbd14cd873f1dd4502f277b3f51cb7bc8da0c080

fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 19 Dec 2022 03:34:21 GMT
content-type: application/json
age: 1743
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

555fc6e99ad3bf077d1c4b9b805e428d

4e800fc8e809a950288df0e94992084647762561

fac00cada519279717e2a13528cb202d292fc92ed5eb42782c41f8e7b9509eaf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAC00CADA519279717E2A13528CB202D292FC92ED5EB42782C41F8E7B9509EAF"
Last-Modified: Fri, 16 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2718
Expires: Mon, 19 Dec 2022 04:48:42 GMT
Date: Mon, 19 Dec 2022 04:03:24 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: CH22GpjgiRshNnxtgvrB/7e8eay1yzhRLMi0m9JOnv4uu0WVuZMgS7bgKQp3EgFd1ibfIohJJ4tu6aawyzlntw==
x-amz-request-id: PKZMGK72YD33Q3XW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 19 Dec 2022 03:28:50 GMT
age: 2074
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 04:03:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.4.1.min.js

69.16.175.42

200 OK

30638

URL HTTP/2

code.jquery.com/jquery-3.4.1.min.js
IP

69.16.175.42:0
ASN

#20446 STACKPATH-CDN

Magic

ASCII text, with very long lines (65451)

Size

30638
Hash

9abb42735168ac9e960b770179b642aa

11475bf8c7244af7a820108b7762e7a3f95aa52c

df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243

HTTP Headers

                                        GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Mon, 19 Dec 2022 04:03:24 GMT
content-encoding: gzip
content-length: 30638
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CJzh/5wGEocBCiRhYWM0MjZjMi03N2Q4LTRiYWQtYjQyZS1kNmFhY2IxNzZiZjMQ+OiCoKvU+wIaBgiMxf+cBiIMOTEuOTAuNDIuMTU0KMeyATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkZGI4NzJjYjAtOGQ3My00Njc4LTkyMGItMjI4YWMxZGU5OTk4GK7vASIYCAISFGNkczIwMS5zazEuaHdjZG4ubmV0.3AZm6V5eJlmxSSRG0zRuueue/FdB5mQ9i3TLPxGOmhs=
x-hw: 1671422604.dop216.sk1.t,1671422604.cds247.sk1.hn,1671422604.cds201.sk1.c
X-Firefox-Spdy: h2

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/reset.css

104.21.93.4

200 OK

547

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/reset.css
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

547
Hash

2df59197286a62c8e5331dfdbde30ac9

09640fb8762fa6f5bb68a6c09f3d43426b6218d3

69f7ceac3635466ab1850b29a9e47b3971c72863f07d3dfdf5e5372f23e2d720

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/reset.css HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
Vary: Accept-Encoding
ETag: W/"627b916e-41f"
Expires: Mon, 19 Dec 2022 16:02:44 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uTLx3uo4hHVl2Fdo6t06FQP2g2QbskT6xt3k4qBt%2FsuRq6U6rSyRwUIGSbQlXnDb64L1KF4Njc%2B5kuV5YqV6POqrY1VtHlL3PZupxrG1fOXN%2FGd7OJtlxJ3E7CZnOieEwpt3Bk%2FjdR1lZbTP8crnVxGRqoF80wjZa%2BlCZE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f8e2dc50b31-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/style.css

104.21.93.4

200 OK

2725

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/style.css
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text

Size

2725
Hash

5bde02e54cf3b7c83c6667bd27860190

0a847747e0a7d568bad65c3070b9bd69c834611b

963c0c7f80f64a798bbd559352ab3b919d348b61f5f5228f8dcf82f0f45e36c9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/style.css HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
Vary: Accept-Encoding
ETag: W/"627b916e-32f9"
Expires: Mon, 19 Dec 2022 16:02:44 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6SjuS4gCUT30NYd4opQhs%2FhwdOFk4%2FAQPkoQt8%2BnPce1CGGBEsa0eFnRTD5h7gWzBr216IHGR%2BwxrhJHl5E7ymZpHCZfYzydCGno3ntLdTai6W%2FcaW0xNOgQj8%2FQs1EFIIhEvQf8tW1SIkaIWePcL%2B%2B1Ac1ZuSfbWALqOm8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f8e290fb4eb-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

36873546bc8b0b69c86c49005473030d

95277b14b4a826ad2600b6ef8c5b671f0051d68b

d3aed5d2b06286ae1330d72ddc1be32fc2f5e853835ec293737cbc26b0fff096

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3AED5D2B06286AE1330D72DDC1BE32FC2F5E853835EC293737CBC26B0FFF096"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13077
Expires: Mon, 19 Dec 2022 07:41:21 GMT
Date: Mon, 19 Dec 2022 04:03:24 GMT
Connection: keep-alive

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/main_script.js

104.21.93.4

200 OK

1599

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/main_script.js
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

Unicode text, UTF-8 text

Size

1599
Hash

68e60b8bcde6ef952d0742955e200851

6a129ea149374a3f7dc2a12a6a30b92199b53ea3

5f1b261fc95b93248df74cf66437f0512982f0ed40904646b78b376577e85cdb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/main_script.js HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 11:31:12 GMT
Vary: Accept-Encoding
ETag: W/"627b9e80-1610"
Expires: Mon, 19 Dec 2022 16:02:44 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EyiJz%2B0saaYDCL3wre5bkXJ3o4PFJqOVuNzsYqDxtIrmfyaLarJw7WB8G2R2pC%2FnMw0GzxAWpEbdsz8yj6jpWeqsE353FtOQ9oUMaoyjkVZoIRFoiNtgkyyLtK%2B62m4Ft1bn2BFrURQMfLBeQup1%2F%2FIDFguz45W7BVn0ePc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f8e3917b4eb-OSL
alt-svc: h2=":443"; ma=60

my.rtmark.net/p.js?f=sync&lr=1&partner=6a7a4199623ff4668ca49d3c5281397cab0102bd440abcf63d6b50cfe69e562f

139.45.195.8

200 OK

697

URL HTTP/2

my.rtmark.net/p.js?f=sync&lr=1&partner=6a7a4199623ff4668ca49d3c5281397cab0102bd440abcf63d6b50cfe69e562f
IP

139.45.195.8:0
ASN

#9002 RETN Limited

Magic

ASCII text

Size

697
Hash

52a152c782dfacb76596abbc8f654778

e70c07d304ccc35688a4ffa8110d34bf090f4d4a

b574d504bdefad855ba2b0ff744cda3b5af47a8be2c1febb58ebf1b128ca4eac

HTTP Headers

                                        GET /p.js?f=sync&lr=1&partner=6a7a4199623ff4668ca49d3c5281397cab0102bd440abcf63d6b50cfe69e562f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 04:03:24 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img5m.jpg

104.21.93.4

200 OK

1169

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img5m.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data

Size

1169
Hash

a848711320a9df61e6457f65b0dfa9fb

68a62a84d89f4f9e1e831a6cef920797c7f2e7d5

aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/img5m.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-491"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoJanbAmKDc1qLPwitgkjqY%2FC7vIbmbRTMb%2BIxCecN5mWKJwJGBbiT%2F9LZeEFonDcrGnombvJ42MgxcCn94RGjMmv54suWaDZiENhxRv%2BWAPsOpPn4ORad9MHqbLsZmt%2BbR7jxyYN%2BOqNPCBDXsv2wRTPsQ34eF1vOrBbY4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8eede90b31-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Sanjeel_Sunny.jpg

104.21.93.4

200 OK

19267

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Sanjeel_Sunny.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3\012- data

Size

19267
Hash

c2ba8b51ff90b80eb5fa6bb5e33c36ce

a8d1188b0e7d89664580577dee07100f9ed9c80f

1b1560f9fe3fa038c5cde4120382a724d1b4883f26560442f133c1cd5a8d5756

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Sanjeel_Sunny.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 19267
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:18 GMT
ETag: "627b9706-4b43"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bXxbkU1PHJs5w5EbO2PMRPpSX6oigJQMtvJVBarNuFvKFahdBCyBfCVuXXGlmkKXtRFMV08HF0A7YIquvig0DA7LwqJ9w%2B6iWdBl9WJZ%2FwG2iLiyb%2Bp41uWPZeWUn%2FQub8M5OzI3jhD%2FngvfyFKSe3fmXCzZenbqBleW7w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8ee948b4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Farhan_Shaikh.jpg

104.21.93.4

200 OK

6308

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Farhan_Shaikh.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 225x225, components 3\012- data

Size

6308
Hash

b78a35e049c72dbd931d1abfa4108a76

45df1a48f43644ef2f63cc396624bfe6ab1b65f5

d83c2d5f92e6efc926573477ec75928a248077d60ca6f24c9bea6e95cbefe585

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Farhan_Shaikh.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 6308
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:15 GMT
ETag: "627b9703-18a4"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4Ej3fvo2Vj8ovdAOeDXv1yrSqwPa3rnaeFs9xeK%2FQf8V%2Fq9bQwHNgYviu1jkUT325p5p2bBtPGwry8C26kAJhuM79m1uF0E1MGu%2BAYXWxsIQlwfO1kBgXTEKLtvPNfd7Fd6SVueuBRna4gcdghOykjobutsOxu0f%2FhCiUk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8eeeb30b51-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Abhishek_Jaiswal.jpg

104.21.93.4

200 OK

22487

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Abhishek_Jaiswal.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3\012- data

Size

22487
Hash

a9bac4c6305875e4a1c534c8188af273

c881c33c5c2c7340c3d66db3ad929727c5aabf6a

0990ed47ac130dde67504586c86b90ac933f66d74e67702bbc76c9d9da50c102

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Abhishek_Jaiswal.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 22487
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:12 GMT
ETag: "627b9700-57d7"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7Cyxl9a4eRo2V5jGntDNIvuxuQybE%2FSjs3jJojSvY6ak%2BTidFj%2FZKdBLVUC13m5DHOTMQ%2BB7JkZoL0Zi2yjk1h065grD2%2B5hV%2F8dqB%2BdR595%2Bx6%2BKE%2BWz8Ze%2BREtBIxEgKp6RozDaMFYk0DNRO6YUaZPsxyB21MAEKK9to%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8eedb4b521-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Nadia.jpg

104.21.93.4

200 OK

34803

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Nadia.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3\012- data

Size

34803
Hash

c93f6dfab80f15902b965eb48187eae3

7c831a7086283a802aefa5f282cf5e964ec50261

55e8afc2aead4fc928652e16ab0004d301b828d5b6d597b64061498545add13b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Nadia.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 34803
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:17 GMT
ETag: "627b9705-87f3"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vnVlIfMRbdNFuDXuKGduK%2BY1UHM%2BsUk13FkDp0su1wIsrE%2Fad1WdFpKuE0QqrfZvEuwskuHqNjw8XAgYPO6i5LOYf0IoCrtG9cFIfyCOF8UwcNEwkwwqcsug5Ul182STJ4GdJ2yhpBo3g86p8ilmIoAyYHRR%2BKr7SDoI0n8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8ee951b4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Fayiz_Musthafa.jpg

104.21.93.4

200 OK

11760

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Fayiz_Musthafa.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data

Size

11760
Hash

1694810b07452555dfa82b7541150bbc

26ae1bbfeea63d310bc8cbc26e809e07869ad35d

6570cc9ffd594aeeadbe54058fcd0a75fe29c6335b636d7749dc3d8603501890

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Fayiz_Musthafa.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 11760
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:16 GMT
ETag: "627b9704-2df0"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHKlnOtTiE2GBEB6CvcQGereQZsExrK2Xcv2nb1qaIlWmX%2BJFDxf07%2FYeJYMd%2Bbodwk3J%2BU2ZG6kYzzVKgKSFaOzp%2FluZG%2BXjBmlAxm%2BRtUC%2Bv7CD%2FG8vLwbRzZYL8QgGgYUwPlv57sEB6hhglQiLHGOYhoL28DTGlvZuWU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8ee986b4f1-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Spartan_Xozz.jpg

104.21.93.4

200 OK

71316

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Spartan_Xozz.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x399, components 3\012- data

Size

71316
Hash

4bb87ea8c46012c6c7bbfb38aa5de8a0

e61333104c5abb5f249ebe31b7a36faeaccd5d95

6a70b7fd18637fd8675fc385a5bbd464f97f470a6066c3b0732c954e3f432b33

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Spartan_Xozz.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 71316
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:22 GMT
ETag: "627b970a-11694"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dtYnwGZNtzbScieVo6LABFlSRyMYopPEyJm1EQ4IrFQqBQpIjy0XwrSWianOe0DoLZMGIfg4n2aZvnoqRQvCf7Y%2BvjoZn9DucqB04E0bal%2BhiW5Tq6PAzGqeODL%2F20lSA%2BNs3bqr2cH7Yily2bp0O0aKvcDl8KAB83qTl38%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8f9e050b31-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-start.png

104.21.93.4

200 OK

26084

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-start.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data

Size

26084
Hash

f491647556e492de92530b48827690aa

6296c44299f5acb17cb2c06e37391a70672b1fd3

efb819d37f19ec7505d9602488ce97868d84e1c7929ce83e308e23f02d97b95d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/slot-start.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 26084
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-65e4"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5iUuaS%2BwtsUaixxThGOKYtSAvxV0EGYXW%2B2c6alwNPmPsE0ABpCpdL9J8M6Rguk2HlzZ5ugLUBOnbRj0%2BwyMi3hAefa8DgSKrE%2FVDdLr2B%2FtwWYsCyVi48S3m623Ngc0zX6OPgfSpPPvz4r4dvZsbeSOZsgIgwhdakGa6k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8f9edc0b51-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Shashi_Thaman.png

104.21.93.4

200 OK

472852

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/Shashi_Thaman.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 452 x 461, 8-bit/color RGBA, non-interlaced\012- data

Size

472852
Hash

378c4e4d9065320cadf1bc0ffc0afac9

556a0316828a59788f522383f76691d4d5bd7dce

d7f48bd64ae4b3e7320ef6bd37e1f991758d764a3580b54d742259c3ae21d15c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/Shashi_Thaman.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 472852
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:59:20 GMT
ETag: "627b9708-73714"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8N%2FG8gXRYGzTN8bmILp%2FE7WiIriMRmAcjK5yCEk0LmobY7Z43pyb6Eo10fRod%2BqeFvMMVZSGVQTFkxBjphd%2Fr0o4q4MDY32UqBthRvPHWHi4kfY8YqaeT6jKF3L%2BiIz4BVS47f%2B3nZpmn2PCPhVV%2BcTL5am1odyRQOpr%2B4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8f9984b4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/red-arrow-right.png

104.21.93.4

200 OK

1362

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/red-arrow-right.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data

Size

1362
Hash

881bdc037be8895ba5d8d53456890e7e

4e105c89e2a1475520bb74c9c20bf2f9e906fcb3

9f8160d6380fef91c8eadecc6e8e59e93e3f5c40be7963018c8104bef4354d8f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/red-arrow-right.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 1362
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-552"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaVt7%2BTc4RkT5%2Brc2KAEaS5gm1QVxKlWnw8g89Gvmb7jqZ2PjMuW2UmJYmMvMaQaiFtCAYbZLKhZ%2F7OBXd%2Fln26vAnaEwbtxHT5fSBS4KVZavFFvgDwS1V4Fdz%2BoN9ZqQZxqEs7XJTod2iWkDAjteK0vlDMbzBpf8u%2BNEUo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8fa986b4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/red-arrow-left.png

104.21.93.4

200 OK

1334

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/red-arrow-left.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data

Size

1334
Hash

92d3e482cacea857c5dfaf9fa3a21dfb

3f12c410c77d763cc4719ec367a18417b8300758

4a688dc66588e8e86e98ccadb318fa2aca3fd6e2444aac783278b982f3e47eef

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/red-arrow-left.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 1334
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-536"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Zuy8j2cBTaMMjmA9jDUxMqU8%2FYxEeEwnaJioPCnrLW48DqtP%2FKa4OYORnNSVaJRutiNX3cYw%2BV6dXwgzSkRn%2FRHH96EFsPb%2Bt7CL99xZVvwCDMvI16z0MLv9d9C7A2JUGQYOY%2BTzWgraHxDwOgTnY5tkyQkTtazFZtI7Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8fadf8b521-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-spin.gif

104.21.93.4

200 OK

87599

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-spin.gif
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

GIF image data, version 89a, 410 x 279\012- data

Size

87599
Hash

617c16c5e04c8603dd7f157862b1c682

1306296f9a666a7fc50f339a2a924ce8a3a18169

7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/slot-spin.gif HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/gif
Content-Length: 87599
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-1562f"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KXMdP3hkRyDlceY618FfDd5swjc8vUu5NeHzoBDR71utme9AzrAXjb7cGXIEDK7A8kNBtC0rCZ6OXmIA%2Bcyty2xeIGVaWsONZKZMGYRD2AMzv%2FtnBURzJFVZb1YlXJwrjYmnSLW%2BGQ1taL%2Bgu1gFJALIC3y7%2BjtBYEBi6A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f8fb9c5b4f1-OSL
alt-svc: h2=":443"; ma=60

lemouwee.com/pfe/current/micro.tag.min.js?z=4907456&sw=/sw-check-permissions-c8e51.js

139.45.197.251

200 OK

13940

URL HTTP/1.1

lemouwee.com/pfe/current/micro.tag.min.js?z=4907456&sw=/sw-check-permissions-c8e51.js
IP

139.45.197.251:0
ASN

#9002 RETN Limited

Magic

C source, ASCII text, with very long lines (39559), with no line terminators

Size

13940
Hash

ed458848fd37b63d91f524403eed8bb7

9579161f6ad0fddaf197720e88fa9a429decb52d

6a495f7d39bf0b46d79a9ab8022bc9edbbdb5a61b41b27e38f65ad9c5ad02345

HTTP Headers

                                        GET /pfe/current/micro.tag.min.js?z=4907456&sw=/sw-check-permissions-c8e51.js HTTP/1.1
Host: lemouwee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/

                                        HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: application/javascript
Last-Modified: Tue, 13 Dec 2022 09:06:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63984082-9a87"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/win.mp3

104.21.93.4

206 Partial Content

10391

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/win.mp3
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data

Size

10391
Hash

bca40777013dec4a99eaa8b0b98a7fef

bc1c833577a1dcd82ad01a90e82898bc7b47cad7

635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/win.mp3 HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 206 Partial Content
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: audio/mpeg
Content-Length: 10391
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-2897"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Content-Range: bytes 0-10390/10391
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYLVnR1MLhuEVECpOOmqWfG%2BHWpjYl5JWYKFNLidXWRRdA6uMzF%2FRR0rn2%2Br%2BJX1tZKUhl%2BzEdowP7HfZyEjqET9I1oHvaYbcAr3AP1LWSHBZ3l%2BnEe3feSXUtzj5WNrX%2FFm8VhNQbVS9j5bGyr2nCpCZqftKqHmz8ifqJw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f904e180b31-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/spin.mp3

104.21.93.4

206 Partial Content

8784

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/spin.mp3
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data

Size

8784
Hash

5a2e10964c7fea8b0181831184bc0d97

8f5233dd6be372e7749c6cd8440db5b43de5a9c9

9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/spin.mp3 HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 206 Partial Content
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: audio/mpeg
Content-Length: 8784
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-2250"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Content-Range: bytes 0-8783/8784
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kbnsvxblk7%2B2UtPuAbr3kcR87iTEN3xjnOsQlJs95%2BDJERdoWYWqsZ9DI1D2EbVp3JTkBljDl51sc9FjliP%2B%2BGMIp5FOems1hV4Td8Ya6%2Bmc4HRxAJs7zHnNimuXZ%2FB65o0e9uJQ%2B7SGjgdExBCMzTxrVfUqjhIurFJ%2BRds%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77bd3f905efa0b51-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-result-2.png

104.21.93.4

200 OK

26733

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-result-2.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data

Size

26733
Hash

b6ca0bfea4d0cec334f128f5c2c44cff

f6dc006902542a929187af718d9f6a244e5472b5

b09b477eb93ed896b8e52a2f746e435695dbef2a1259987bae4fbea3c35b5435

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/slot-result-2.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 26733
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-686d"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMLk2ttporhor1aOhuVS7ajZO6ZLHgD8syJRvu4kPsRhydWSNF4ZXlRSAulKhLSRYV%2BxH6PwYuBlmyH9wEdWLURNqZPU1Y4aGAnAPx7E%2B5qt8u861TcOsM44%2FGTgHDS4eLObpVtWn%2FRupiM%2B%2Fg%2FOTNXgGMHsHVLzOtH5wRM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f9079c6b4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img1Female.jpg

104.21.93.4

200 OK

1315

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img1Female.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data

Size

1315
Hash

c3c59916d3b4977017c89125dc42b664

c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a

aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/img1Female.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-523"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9sN3wOCSiom%2FGSaH6DkFPtK0oSY5zKd4x4PqEx7KHciZ%2BSkN560FPnI660YjWXn4FDTKrTEFbBc7D6RlQqfqQWY0tQP9Scm6X64pEnG7orqoIR3r2USqxy5sUKItD2mHUL%2F5fTvlOd9Vd4UXT4BjJLwOrMgeZDEj0Nzvv0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f907e31b521-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-win.png

104.21.93.4

200 OK

14391

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-win.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data

Size

14391
Hash

939b6a73c96383ac0842317037f3a0f0

0654b62431c8ba522833950b8166d7a16e2a6b56

b8f1ec0ac028bd024af2cf57b63b07069b2f4a41e61c1577e968ca5d7ba72837

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/slot-win.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 14391
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-3837"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNQwOwA%2B%2BgmESAmK7mPej93dcFEYceBWfjbke9eTufib%2BNULoc7Vl%2Fj8c8wiWQ3xlriXcHKZhn247tXnHj3EGUnuhfxyyBhtjPBjQFxcRDRQbNCPI%2FFUKVc8DWZwg2euDybO4gs0mwkiR9JJxkwOAJPdR4j35%2B8OuHYIoTg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f907a04b4f1-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-result-1.png

104.21.93.4

200 OK

20370

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/slot-result-1.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data

Size

20370
Hash

1fbd2b26e61236d5bcfdfeb6adbd2c8c

c9034272d28dab018b73f1967a679c734f987a1f

c402c36eb8d623b618261d40846e63c130de1e78720ab5578eae1d645198c963

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/slot-result-1.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:24 GMT
Content-Type: image/png
Content-Length: 20370
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-4f92"
Expires: Wed, 18 Jan 2023 04:02:44 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfQHySc%2Fn2r9qcWt8FEzH7LD1zpzF2hSxeUTk26OxPZ7eF8%2BOqazjcxPz7GXzLYhbX16cjdGD5J9I7TRBE32OYM89zatLuTJAhiRHKI0QzBcZHAaaAJSvPVqzW3IDTlrZH7t7cHeG%2FNAYPhWgnpdD%2F55scfWJNA9AUNjPkM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f9069bfb4eb-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img2Male.jpg

104.21.93.4

200 OK

1297

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img2Male.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data

Size

1297
Hash

92b944714cea3e478a8e50dea1a80b26

f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5

fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/img2Male.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:25 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-511"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNwW%2F8Hb48l8c9wCG6ZaPaYHphn7JiY6h2iL3UyPHMST8WCZbT%2Bk9KgWUES0T2hbbqXpzhbkfM6n1TmSfwe4bSKHxCd%2F8Pq9jE3G3uZyoEpRcRolzm12flXDbwfSWPfW9KaxkZ5IDRHd0apOJQP5Mr%2F9BcQcvSnUGTQN%2BI0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f911e3a0b31-OSL
alt-svc: h2=":443"; ma=60

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img3f.jpg

104.21.93.4

200 OK

2336

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/img3f.jpg
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

JPEG image data, baseline, precision 8, 50x50, components 3\012- data

Size

2336
Hash

5edf4db493423ac10c72a27ad5c4a618

5c535d00eaeaa725b39e3e1167a12de5bd66a1f2

a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/img3f.jpg HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:25 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-920"
Expires: Wed, 18 Jan 2023 04:02:45 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCX3xQsJHh8iIsQzAYXtMMU%2F84YTZmvu6hbyPizREO8T%2BZFyHwJCrcGQkS%2F%2FYTHw0tx8M%2FYcNQr55Pr%2FTVQ0dfNE5p1JX5ErOXN0lX5cBgFaohk7CzW428bMw%2BNQcb2Y8AF8P8HC%2F0iRM98S8yJc0Lb%2BduZg%2FbnVJyDwvQI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f911f310b51-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 19 Dec 2022 03:33:24 GMT
age: 1801
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/favicon.png

104.21.93.4

200 OK

765

URL HTTP/1.1

abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/favicon.png
IP

104.21.93.4:0
ASN

#13335 CLOUDFLARENET

Magic

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data

Size

765
Hash

2c864fa4584a8fd1bbfb7567fa343a7e

75b1002791cddf18d4288ba7a8a0f6c585aaa1bf

e50c46947744e4fb65ead9ac14e00f3e094b514bcc40e712a2c3d2398e7cdfa9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /casino/luckyspin/favicon.png HTTP/1.1
Host: abcghi123jq456df--loading.sqrkifnsmp4y.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/casino/luckyspin/
Cookie: waf_sc=5889647726

                                        HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 04:03:25 GMT
Content-Type: image/png
Content-Length: 765
Connection: keep-alive
Last-Modified: Wed, 11 May 2022 10:35:26 GMT
ETag: "627b916e-2fd"
Expires: Wed, 18 Jan 2023 04:03:25 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UblH0QDnwbzFFuLx8Nd%2BfnHi6URDSf5rc3qnhrsaNKKO8tBOZuptmuNr95AGSfmiluXcMAG1F26IjiBFMtyve%2FqjCH33MI7SKV5YkFsus2UFxwer61OdNtcrn7UI9AL89WxlDyxjVxsis6I7Ytb1sAkdv1NAOA2Bw0AZ2oQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77bd3f920a6fb4eb-OSL
alt-svc: h2=":443"; ma=60

cdn-go.net/vasdev/web_webpersistance_v2/v1.8.2/flog.core.min.js

188.114.96.1

403 Forbidden

2174

URL HTTP/2

cdn-go.net/vasdev/web_webpersistance_v2/v1.8.2/flog.core.min.js
IP

188.114.96.1:0
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1001)

Size

2174
Hash

99777aff55e254f70126c132f1b72ed4

310a254f9c0b0fa1d840cf53c2a45674f6456eb1

830ce1f83d8783ccf205b8723bc147f9163af0b4dbfe8befdfdc5fccf39433e6

HTTP Headers

                                        GET /vasdev/web_webpersistance_v2/v1.8.2/flog.core.min.js HTTP/1.1
Host: cdn-go.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://abcghi123jq456df--loading.sqrkifnsmp4y.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 403 Forbidden
date: Mon, 19 Dec 2022 04:03:24 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dd5Ax%2Fc3qz7qHsS3D2lQFFjDG5w4WAUO047voUUCjoodTtV2qYKCtnhLhErg5ytCJTwmNJ4Ob7xJ%2Bxfl%2FTlK1OifgZ%2BXOXODwaBzkz0oCbmVf0AUnV%2FI%2BBVqpPuN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77bd3f8e89f9b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

0bc27cdcd6c42d7f8eece6c074bc452f

ff1234b58f7381f51f9082c1ef4894b1ac5700ff

672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3631
Cache-Control: max-age=108237
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 04:03:25 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 10:07:22 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.163.1.35

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.163.1.35:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0tr3XkB7eFh4SN+TsNu07g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5DsRivhZddz8Y88U9by6FJOvtS8=

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b52a05c34a7c3eaee8f5c1f73954364c

89c5023a0c43860efd362d0d2751a0ea9a204f54

94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5986
Expires: Mon, 19 Dec 2022 05:43:12 GMT
Date: Mon, 19 Dec 2022 04:03:26 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

b52a05c34a7c3eaee8f5c1f73954364c

89c5023a0c43860efd362d0d2751a0ea9a204f54

94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5986
Expires: Mon, 19 Dec 2022 05:43:12 GMT
Date: Mon, 19 Dec 2022 04:03:26 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

#1 JS:Script (size: 39559)

#2 JS:Script (size: 103)

#3 JS:Script (size: 1024)

#4 JS:Script (size: 88145)

#5 JS:Script (size: 5648)

#6 JS:Script (size: 500)

#7 JS:Script (size: 697)

#1 JS:Eval (size: 80)

#1 JS:Write (size: 95)

HTTP Transactions (50)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic