Report - trk.thebetterdealz.com/d98fe915-7bd8-462a-b5e2-93a7c286b014

Report Overview

Submitted URL
trk.thebetterdealz.com/d98fe915-7bd8-462a-b5e2-93a7c286b014
IP
18.184.38.55
ASN
#16509 AMAZON-02
Submitted
2022-10-04 11:28:43
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	416 B	2.5 kB	104.17.24.14
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	2.7 kB	139.45.195.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
trk.thebetterdealz.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.5 kB	18.184.38.55
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	1.4 kB	142.250.74.3
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383 B	32 kB	142.250.74.106
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	865 B	143.204.42.156
thebetterdealss.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.9 kB	213 kB	54.230.111.17
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	104.18.32.68
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.81.125.88
shaumtol.com	258042	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	703 B	139.45.197.250
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-04	medium	trk.thebetterdealz.com/d98fe915-7bd8-462a-b5e2-93a7c286b014	Phishing
2022-10-04	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js	Phishing
2022-10-04	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico	Phishing
2022-10-04	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js	81 kB	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen110 Hash 221a4875f104c38145363ac8d0c34223 9d0916090b6659bc573d3de77bcbdc6a04931824 56ef2b1864e916208271e0307629c14db9201bf91da62246dfeb9d9704b985df Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	102 B	2023-03-08	2023-03-08
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-03-08 05:46:44 Times Seen1 Hash 634555000963626b6ecaec7fa266aca1 951683ed726d1ff10b19049575b546b94f7527ae 7aa36c3695359cfa2688b44499b2c0cf9cbac2b0e606b5a55ea57d7a84e621e2 Loading...

	shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wpo0ul3q9romujgji0k8htbo&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&sw=/sw-check-permissions-a7c35.js	108 kB	2023-03-08	2023-03-08
Pretty URL shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wpo0ul3q9romujgji0k8htbo&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&sw=/sw-check-permissions-a7c35.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:32:21 Last Seen2023-03-08 13:26:11 Times Seen1 Hash 07a6012bf43f2fc7873f24030704344f 0aaf880b1263be21be1bbce8d6e8955448f77a90 e9673bb923b87987ee656a0c35f39522a5a7161433b8ed236ade3a6f75c304fe Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	88 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen379 Hash ed6cf71315499a6827f20b3e13d312ad 71b272cdddcacc233e31d69df4ed7c38ba05a3d3 06bac6943b40cf25de3797e62a98c681ee26f658ef18871adb9c338d4f8c5e7c Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-23
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-23 18:35:33 Times Seen260704 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js	87 kB	2023-03-07	2024-04-23
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-23 18:29:05 Times Seen61659 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	103 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash c067efefe6c33d907b811d7f3ae64031 543ebbe364b0eb52d1b27e76033350e578f0514e 4d6632cfe46894c451c8b84df933ff9fc77f024b56701b814b2edb4af5799a13 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	40 B	2023-03-07	2024-03-03
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:14:12 Last Seen2024-03-03 01:26:32 Times Seen301 Hash c908e839697a159f578392b7120a32e6 3177107843b3eb502c5f1c3bc4bda8dd2c4fe2f6 36780db9d5ede0c49775774fd5654f46212440322b1dd8e7d6d83d5bb8547f52 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js	645 B	2023-03-08	2023-11-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-11-18 08:23:58 Times Seen15 Hash ba05dd08407d90513d7ea64622f94fab e42b779a85d18f5df3ee6744ac719b1c92c8b26e 32810073d4833635f8add044979b297aa848543a22c3c5d24a3b07486ec21587 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	822 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash b97d7f47f2911874af688e6e2ede8352 5a4b2280a41d2336f08429e8893c977e2b5a9ccf c3bd6903d4aec63ca04f85055acb71ad0305e4a01d104c1e3460afd6bd430c4a Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	1.0 kB	2023-03-08	2023-11-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-11-18 08:23:58 Times Seen9 Hash cd82efc7b3e8893c1352aebacf7f1e2d 49a1a9fd60026f0210c82ba60f2e298e44665795 56c69e31b4a5084999dc5012f3f28d7a8839a17c5925a3c407ce285ea5260b79 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	136 B	2023-03-07	2024-03-24
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2024-03-24 15:05:33 Times Seen533 Hash 96e82ebcc1bba26e17346488fdd431b1 24626aa3c03c14ff2fe20e52694acadbfca5ddba bb30099f988a6c87efcfbe186ff09863e87a3e1f5437e9ab9e224a7e934876cc Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	1.4 kB	2023-03-07	2023-03-26
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2023-03-26 05:28:46 Times Seen8 Hash 23084c6250077beda06d90124ce3b6d4 71d43ae7499905150a250e45f8be0005184ba3bf 78021c49ef94cc8d7444258ec056e679658fa4732eb85489c52b2f47024c404a Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8	697 B	2023-03-07	2024-02-12
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen181 Hash c9403da8f2e07b42a7abb2ca02510847 54707a8174b1e2539eb1170b78c548a832ea2867 8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	79 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen378 Hash 330cb3e23d95121bd55d849997798301 ac065eea17a1fe8f68bf72a5645acdffab3105b5 02edff9349933e1f564c6cad886e0eed218cf96d3b43a390735e2e6084bbc22c Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	81 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen380 Hash c0211a10e5bdf9d68c40a31c758e1771 a1ba4ba2803ccf705fabf143a7422c5da5c67477 e1d462e0028d01b1829fdd49d99c692bcc9189772959390bb18054f14deda85e Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	660 B	2023-03-07	2023-03-26
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2023-03-26 05:28:46 Times Seen8 Hash 8e0eb89cd27df62f894e9e00c381074c 4a5e50c2e907e58015692800833ef5c2fdaeb587 dad36e2c4afb45d8a95f3e03c3d9dec0f69c13f46bf3cfd5ed8770db70f13392 Loading...

	trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1664882913032	1.2 kB	2023-03-08	2023-03-08
Pretty URL trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1664882913032 IP 18.184.38.55 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-03-08 05:46:44 Times Seen1 Hash a6ba8b0f59ca3cb66d7f3cdd382106c9 55b89690d41f880f3982a8140ec48f987395b2ec a88cfdf2f64727914acea78e18ba06e492297e15eb6d2055e05b543cecd0feb6 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	103 B	2023-03-08	2023-03-08
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-03-08 05:46:44 Times Seen1 Hash 797e1b2a77d83b74ab8bd5ae47cb2f4b d5b445a082cdae6aa77f125750932f72f3b66627 a9071faa73490a856420d2702250cbbe021adbf116bb7fed31bfb5fbe9e00642 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds	39 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash 1a45093d1f9187c67a3bf6d0afa34975 bfaa500c1998604b4ea205c697c548c0f253d3a5 e3e1d984b7f9536015f49da7efa7e18240be98e6c195fe71546e9bcf00c1ca93 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 748ab8176ead5e98e34dae6aa32a7ad2	80 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 05:46:44 Last Seen2023-03-08 05:46:44 Times Seen1 Hash 748ab8176ead5e98e34dae6aa32a7ad2 060953abd30e85661289082b78243852bb3e6697 027aef693ccab419e3ced87f760b69c4069f49dddda6f7583402f08a7c79e686 Loading...

	#2 Eval - d41bdfc938e324c291a177a872f0f9a2	79 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 05:46:44 Last Seen2023-03-08 05:46:44 Times Seen1 Hash d41bdfc938e324c291a177a872f0f9a2 211bf61c93a390bdb0825b4bfb92e0f1ebccd6c5 9cbdde22d2361d40242eef374d79ac7cb1c93579c6e98a888691285c67b9fea4 Loading...

	#3 Eval - dae00eef1ea1a29c56b6461026df895b	80 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen95 Hash dae00eef1ea1a29c56b6461026df895b c0a1942ef7294ad4a98720e1872929ec6995f2b8 6dab1be67891087e84cbef1e2970cbb2d460c9c676e41b2b03c2be0942d1ceb3 Loading...

		Size	First Seen	Last Seen
	#1 Write - f4830432874f86d2e2a1a5f2dbebbc80	4 B	2023-03-07	2024-03-21
Pretty Observations First Seen2023-03-07 01:02:27 Last Seen2024-03-21 17:58:11 Times Seen146 Hash f4830432874f86d2e2a1a5f2dbebbc80 bcc48172e05cafa61c2a2e8f12de220fdb1385b3 43152cc97f457f27c065d352c054743e751c5434da6b95b19b93e607e5b0763b Loading...

	#2 Write - 2310408a63388fe57e3a4177168a8798	7 B	2023-03-07	2024-03-02
Pretty Observations First Seen2023-03-07 01:02:27 Last Seen2024-03-02 10:53:39 Times Seen1245 Hash 2310408a63388fe57e3a4177168a8798 532c67fe1b5afae15d2d08fba7a78de0f63cc4b5 9bd88f2485acbb9426ad3dd9e06842ede8c7516d0ba8559298675f09419681fa Loading...

HTTP Transactions (45)

URL IP Response Size

trk.thebetterdealz.com/d98fe915-7bd8-462a-b5e2-93a7c286b014

18.184.38.55

302

0 B

URL HTTP/1.1
trk.thebetterdealz.com/d98fe915-7bd8-462a-b5e2-93a7c286b014
IP
18.184.38.55:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /d98fe915-7bd8-462a-b5e2-93a7c286b014 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Tue, 04 Oct 2022 11:28:32 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Pragma: no-cache
Set-Cookie: d98fe915-7bd8-462a-b5e2-93a7c286b014-v4=h4pb2Dw8mE7C7W58UxSj67-WH8u_ytCVm33PH_G_mD8; Max-Age=86400; Expires=Wed, 05-Oct-2022 11:28:32 GMT; Domain=trk.thebetterdealz.com; Path=/; HttpOnly
cc-v4=ADFdv6y%2FhFfnx5EI0CUTpPRyP%2BBeS0xj5oByvmj1DaIBLoHVxJHD4Bqa8IlcBG8QLgkPdoQdTlU6xZKcjEyoUjHhwCYw6K4B74KgeCBXWVNK7fjy1YHdCrvBj89AZi7TlwNURYdD1WZHfiP%2BpF%2FZXQ%3D%3D; Max-Age=31536000; Expires=Wed, 04-Oct-2023 11:28:32 GMT; Domain=trk.thebetterdealz.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9842
Expires: Tue, 04 Oct 2022 14:12:34 GMT
Date: Tue, 04 Oct 2022 11:28:32 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 10:38:17 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x2xnxbl8mEQiQO5M-i5kKX5iBfg4VDtFPQoUBv9uzEemzTrb51QHIg==
Age: 3015

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: W2egmawwdGqHqvpalkSESHl7EAppKu9E481Lcu1EwlpXo2spvSMxAg==
age: 21605
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:32 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
996d12af7f421412d452523d5ba2daab
10f7c7758e3c7810dceac8c5c42ae722f49ac5e9
5a4f972f749a73b19038bad4afbd8ca4785e967f9eca890783561730be56695d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 11:28:32 GMT
Server: ECS (dcb/7FA3)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5vwMECea29QGAK0bugUJijG8O4UsbmeBb-22b15NtZRWv1em49aDWg==

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 10:29:33 GMT
Expires: Tue, 04 Oct 2022 11:17:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PFxG0Akz5Y3lCJbgpte2_Uh4FuPQekb3coWX9AH9C-f6HgsZ0886kQ==
Age: 3539

cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css

104.17.24.14

200 OK

1.4 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7048)
Size
1.4 kB (1380 bytes)
Hash
aa3b4ed7478b3a40f2409188a0c9fdab
1b4efc2536689dde7205f6eb81766b6ad54ada8f
80db261e2480e9541813923e022ea7d0dceece776b3aa606216545a1ba272d26

HTTP Headers

GET /ajax/libs/froala-editor/2.8.5/css/froala_style.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 11:28:32 GMT
content-type: text/css; charset=utf-8
content-length: 1380
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6a-1c28"
last-modified: Mon, 04 May 2020 16:10:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10169776
expires: Sun, 24 Sep 2023 11:28:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIcqdAx4SUpJYyBR3%2BfG%2Bh0vfgN8lUDAWvO5uw5mc0JvM0Z1BNpqDah78Jj%2FTqApbyqgKR11djNLw0YxzVjqN%2BlMB5NJ5gA0cV%2Fk%2BEHtI2xxd47iR%2F%2BqLd8noNRzCLHC8HdsN8tK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 754d931debfb0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 11:28:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js

54.230.111.17

200 OK

645 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
645 B (645 bytes)
Hash
ba05dd08407d90513d7ea64622f94fab
e42b779a85d18f5df3ee6744ac719b1c92c8b26e
32810073d4833635f8add044979b297aa848543a22c3c5d24a3b07486ec21587

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 645
x-amz-meta-origin-date-iso8601: 2022-01-14T21:00:11.083Z
last-modified: Fri, 13 May 2022 18:57:22 GMT
server: AmazonS3
date: Tue, 04 Oct 2022 11:28:33 GMT
etag: "ba05dd08407d90513d7ea64622f94fab"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4o0yGpU-XbxxBOentSNJNGNKG3jSVhWHwfN-GuVnqgHR6OkTOY50uA==
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 09:42:03 GMT
expires: Tue, 03 Oct 2023 09:42:03 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 92790
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 11:28:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=499605,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754d931e9adbb500-OSL

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png

54.230.111.17

200 OK

2.2 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
PNG image data, 265 x 133, 8-bit colormap, non-interlaced\012- data
Size
2.2 kB (2249 bytes)
Hash
46d3b5e50a1c32641e6a1d75edb1a0ee
7241d2bd02093af81f2bc5e47c3980d7530ebe6f
8ce56b652e2fbac94f83d2b6df6ee621e9c4f298eefe4a92c53dda2dbfe744d4

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 2249
date: Tue, 04 Oct 2022 11:28:34 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:17 GMT
etag: "46d3b5e50a1c32641e6a1d75edb1a0ee"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tuluP9TJuy1CrNf5mZXQEqgPcOCEkHhB44nknSnPvvfvICKCmYGztQ==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 11:28:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
c9403da8f2e07b42a7abb2ca02510847
54707a8174b1e2539eb1170b78c548a832ea2867
8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47

HTTP Headers

GET /p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6584
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 11:28:33 GMT
Last-Modified: Tue, 04 Oct 2022 09:38:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png

54.230.111.17

200 OK

25 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
PNG image data, 394 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (25160 bytes)
Hash
6c70312463ee3dcd7b3ad7d71260f0f2
e3e9a5f85076a182b19474c10314abae656e187b
a855f233fbeba18164fdf39dfb454b29fa147af0de581a167691e081a7c8e9c1

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 25160
date: Tue, 04 Oct 2022 11:28:34 GMT
x-amz-meta-origin-date-iso8601: 2021-10-12T07:24:34.244Z
last-modified: Fri, 13 May 2022 18:57:25 GMT
etag: "6c70312463ee3dcd7b3ad7d71260f0f2"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VAEmooFj50IdvPj2lsZ7rKzTKUQQsThaMFAGox3C4ZoEO-fwRH_ZRQ==
X-Firefox-Spdy: h2

thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest

54.230.111.17

403 Forbidden

1.1 kB

URL HTTP/2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1053 bytes)
Hash
96c6385da04b39ddb62c46f1eccbcf49
1342f6818e1c8887dfca720b3521683147e8032e
6d850f12b377524569dd5ea1a9a7837acee204152608f2f853e3d3bcd1ca0708

HTTP Headers

POST /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 403 Forbidden
server: CloudFront
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: text/html
content-length: 1053
x-cache: Error from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JPNW-c8kqCeiMpowf_xnDimhcF47mknmsji1CQFwLteNk96lsvV9hg==
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png

54.230.111.17

200 OK

119 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
119 kB (118696 bytes)
Hash
5e81ef327f6ce63e76742ef5b890d99f
6ebcf6b775c0ef4b5aa157b53872cde5ef87be27
e76f6a31d1bac8cbdca494b6c27ea2c9b64dcd320d09c179c159378d55356aee

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 118696
date: Tue, 04 Oct 2022 11:28:33 GMT
x-amz-meta-origin-date-iso8601: 2022-01-14T19:54:30.840Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
etag: "5e81ef327f6ce63e76742ef5b890d99f"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yY5iEgYUhjcTC1XCz0rfM1NA9k4aczY6Jh5GKyhEnNit6Hw_LeD1Xg==
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.81.125.88

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.81.125.88:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: x1mcmc3eq5wrFqLJu8zUzw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: acAJ24N/JKSf0cxzRV6n8Y/2Dtw=

my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
ed349f12bdb3b285ad3fa163021fa23f
3307e0283ac2b8163aa92cd531fcb39ac1a59072
c4705889eeadd9cee3eac5fdf7047d11d0609111fd398b2369955b04293aa84e

HTTP Headers

GET /gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/
Origin: https://thebetterdealss.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cdcb34eb8998499f85cc44277f96b7e5; expires=Wed, 04 Oct 2023 11:28:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b80e518689484a0c42f4853ca667ffc9
ce312e094d9cdd75d6995883e32328c0acce6eee
b8a67dd8dc0e45c304459da07c8061e5417a4d326c87fac2492561055c3f3b03

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8A67DD8DC0E45C304459DA07C8061E5417A4D326C87FAC2492561055C3F3B03"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5162
Expires: Tue, 04 Oct 2022 12:54:35 GMT
Date: Tue, 04 Oct 2022 11:28:33 GMT
Connection: keep-alive

thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings

54.230.111.17

404 Not Found

145 B

URL HTTP/2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
145 B (145 bytes)
Hash
7d9deb69f65db4270bb311e7fc53d74f
ac80b6deadc4d99c2bcd2a863e7922bd54476713
14560e57dc5dfa3d90dddc49024a858503bcd70dcd263f9bd593ce0a7bf570bc

HTTP Headers

GET /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
content-length: 145
last-modified: Mon, 09 Aug 2021 20:00:23 GMT
etag: "7d9deb69f65db4270bb311e7fc53d74f"
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: zone
date: Tue, 04 Oct 2022 11:28:33 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uzqidnVJc4OUrcQWmbWYeNaHPsgWIlcZXtR5tN8YWy9zHxzj-lmrpw==
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg

54.230.111.17

200 OK

56 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
56 kB (56400 bytes)
Hash
daed3767de815d8c15505c86b978dfbf
2e238bd17a590a987f15c6762185b7e3e58e048e
2596ca41818504ef1d96465d290b129676e812d8b3b09e1b731a690d8d35af50

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 56400
date: Tue, 04 Oct 2022 11:28:34 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:37 GMT
etag: "daed3767de815d8c15505c86b978dfbf"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lT9vMsKctrXdI-zMF5Bonta_LbDbeKdfDaXHu5n-8q6hUEKN-McAKg==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b096b098adb81002c6087f34f331d1c0
bbb7f5a93448d07e46c3dc037d888bb54acee091
940e5cdf93641f857dfb1b8e2d6ccacf2370d68ef0c13553be884db92f9c6556

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "940E5CDF93641F857DFB1B8E2D6CCACF2370D68EF0C13553BE884DB92F9C6556"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Tue, 04 Oct 2022 17:28:27 GMT
Date: Tue, 04 Oct 2022 11:28:33 GMT
Connection: keep-alive

trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1664882913032

18.184.38.55

200 OK

1.2 kB

URL HTTP/2
trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1664882913032
IP
18.184.38.55:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (626)
Size
1.2 kB (1152 bytes)
Hash
a6ba8b0f59ca3cb66d7f3cdd382106c9
55b89690d41f880f3982a8140ec48f987395b2ec
a88cfdf2f64727914acea78e18ba06e492297e15eb6d2055e05b543cecd0feb6

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1664882913032 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: application/javascript;charset=UTF-8
content-length: 1152
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%25205%2520%2528RON%2529%2528Interstitial%2529%25282%2529%26lander.name%3DCasino-14-TY-Interstitial%26clickid%3Dwpo0ul3q9romujgji0k8htbo%26source%3Dd98fe915-7bd8-462a-b5e2-93a7c286b014%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Cookie: ID=cdcb34eb8998499f85cc44277f96b7e5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=cdcb34eb8998499f85cc44277f96b7e5; expires=Wed, 04 Oct 2023 11:28:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico

54.230.111.17

200 OK

198 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 198
date: Tue, 04 Oct 2022 11:28:34 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:27 GMT
etag: "c6acedaff906029fc5455d9ec52c7f42"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ccGlb-mJ1cFOMBYzhfu8goCefoAnabV40fAuyk9f8RdQQl0wTxR7Rw==
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css

54.230.111.17

200 OK

2.2 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
assembler source, ASCII text
Size
2.2 kB (2182 bytes)
Hash
cf8b47027d74de844d0b53a973e3b46b
87cef75c19828f2c7ac22be50bb982910294b33f
7cf7bce3af4fa14de3021414a3e306c80d84b7f672eaa9bcb7ca76396ffb9bf3

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
date: Tue, 04 Oct 2022 11:28:34 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:34 GMT
etag: W/"85f5243aa29794da8e981c44feae0346"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cmRxTU1O9cLJbmtM3e7RuAYenu7hMgb7GDJtPT4VT0NXgZue7k1R1A==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9004
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 11:28:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9004
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 11:28:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9004
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 11:28:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9004
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 11:28:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11955 bytes)
Hash
54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 47855
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4151 bytes)
Hash
24a4a122273ef9f772852031eb13114a
c20f1fac9020eb4bd6c84583f73872979639b991
8e1ffbed5f156637ed2f22e81d03f6d85eff0c28237c1639ea5f977e92ee7b70

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4151
x-amzn-requestid: f709a11e-cbea-4965-8502-94ddbd8768bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvSF3YIAMFdow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-29bfa31d51e8f60b38136dba;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7H1QKlOtoBoVz93G5lddxHSGiTjtMnHJCZX5FhwqhNPkspslaDoFQA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 48693
etag: "c20f1fac9020eb4bd6c84583f73872979639b991"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9917 bytes)
Hash
d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 48760
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5504 bytes)
Hash
6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 46755
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3430 bytes)
Hash
488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 22a0e400-1567-4c9c-aca9-782f3f81a8ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLCrEn4IAMFZWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f210-11fa888c78719c44160accf8;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 69u2trVvquFefzPFeOg_AuyzqQ6EBpY_ok9d9RXv71NE3TB_qELdtg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 16:24:09 GMT
age: 68665
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4858 bytes)
Hash
6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 48708
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&ymid=wpo0ul3q9romujgji0k8htbo&var_3=&dsig=&action=prerequest

139.45.197.250

200 OK

0 B

URL HTTP/2
shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&ymid=wpo0ul3q9romujgji0k8htbo&var_3=&dsig=&action=prerequest
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&ymid=wpo0ul3q9romujgji0k8htbo&var_3=&dsig=&action=prerequest HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:41 GMT
content-length: 0
x-trace-id: 70549fc8bebe04a8ebe91834c50e4731
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js

54.230.111.17

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:20 GMT
server: AmazonS3
content-encoding: gzip
date: Tue, 04 Oct 2022 11:28:34 GMT
etag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9ZHnuM5qbIOsB23FzgYNxYFUPaz-vhkk6lzU3d6Y_AHRgddsDnqP4w==
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js

54.230.111.17

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:38 GMT
server: AmazonS3
content-encoding: gzip
date: Tue, 04 Oct 2022 11:28:34 GMT
etag: W/"221a4875f104c38145363ac8d0c34223"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 94__mq91MHH2ml35rtK9Rw-sZPcTtqbOk1FF7WXBnT6ccpejYE4IuA==
X-Firefox-Spdy: h2

shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wpo0ul3q9romujgji0k8htbo&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&sw=/sw-check-permissions-a7c35.js

139.45.197.250

200 OK

0 B

URL HTTP/2
shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wpo0ul3q9romujgji0k8htbo&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&sw=/sw-check-permissions-a7c35.js
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4492922&ymid=wpo0ul3q9romujgji0k8htbo&var=d98fe915-7bd8-462a-b5e2-93a7c286b014&sw=/sw-check-permissions-a7c35.js HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 11:28:33 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 13:19:37 GMT
etag: W/"6332f869-1a5ed"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds

54.230.111.17

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
date: Tue, 04 Oct 2022 11:28:33 GMT
x-amz-meta-origin-date-iso8601: 2022-04-26T11:32:08.725Z
last-modified: Fri, 13 May 2022 18:57:22 GMT
etag: W/"9beb0e67242c5df9ca339db557f594ea"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cKgePy9tvuCkn-czqvKqDCTY9-SF-SdB4K7w0u0gGwOEoCw33MbPXQ==
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css

54.230.111.17

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%205%20%28RON%29%28Interstitial%29%282%29&lander.name=Casino-14-TY-Interstitial&clickid=wpo0ul3q9romujgji0k8htbo&source=d98fe915-7bd8-462a-b5e2-93a7c286b014&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
date: Tue, 04 Oct 2022 11:28:33 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
etag: W/"ec3bb52a00e176a7181d454dffaea219"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: N8Cu86-ckuDNhQmrI5Cqdzv5Sf-LZK6F2Mn52DyURPK1TbJOCZqoag==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations