Report - officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

Report Overview

Submitted URL
officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com
IP
54.230.111.51
ASN
#16509 AMAZON-02
Submitted
2022-11-25 10:50:17
Access
Website Title
Final URL
Tags
None
urlquery detections
Scam / Brand infringement

Detections

urlquery
17
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
desekansr.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	28 kB	139.45.197.250
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.39.96.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	59 kB	34.120.237.76
officialgifts.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	233 kB	54.230.111.129
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	officialgifts.xyz/1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6	Phishing
2022-11-25	medium	officialgifts.xyz/1/prizewheel/cash/ngcashn/css/app.css?id=c588c17324f2be0e0ec9	Phishing
2022-11-25	medium	officialgifts.xyz/1/prizewheel/cash/ngcashn/img/fb-like.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	desekansr.com	Sinkholed

JavaScript (15)

	URL	Size	First Seen	Last Seen
	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	498 B	2023-03-07	2023-07-17
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:49:23 Last Seen2023-07-17 14:06:33 Times Seen639 Hash 5883cd53a4e3788bac0bf84ec6569353 c131a703eaca10a46c4a6eb1e212caa6d13e5541 3d802fe84930509454d19d1340b5c340c6acbc2a08c8a8eb89dd0349714ebfa8 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	320 B	2023-03-07	2024-04-06
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:52 Last Seen2024-04-06 22:03:28 Times Seen379 Hash dd84036149c5641b097936e5e3a60ac8 55e20ff12fd5738372aa23411dfbad98c4580e79 e6e02208b66e48bb0c1ebbc3c335ef676c7ad19ad84c21658e3636b0808fc9f3 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	111 B	2023-03-07	2024-04-15
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:11 Last Seen2024-04-15 01:27:42 Times Seen672 Hash 1cc0dcb56c5a8dd0da55394b35b20a29 e8e863364d915222b6692bfe868588da7975bd2c c25ce95ac3308e9634e6fd294a7ddc328d43f4d050fec69d5409a3d01fbc1928 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	731 B	2023-03-07	2024-04-15
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:11 Last Seen2024-04-15 12:08:38 Times Seen1697 Hash 4c6e9aede3b035d2a54844ddc88b93b0 f4cc613ce26cb24038821cc1d292f038ffdc9d01 023d5b59c6ff0e9b4fe0f8b4da8436c945f636c0e8ebbc8e84d4a32d6f299ab6 Loading...

	desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js	78 kB	2023-03-09	2023-03-17
Pretty URL desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 23:03:50 Last Seen2023-03-17 22:46:33 Times Seen1 Hash 2ff31a855f49b8556bc52e2c0e4742c4 6e4a4532a83fa78fff0719b7e13f644fb842dc68 46c4d68f925af64956704d5ff2389c648fba60ac4baaf1963624e84abd4b6c1f Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6	150 kB	2023-03-07	2024-04-20
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6 IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-20 00:08:56 Times Seen2080 Hash cdf97653c213f02233f50a1ec975633c 0445187a07bfa933c3328d8248f61503f5f3fef0 c7eb3be411c7a475be0b5cb8d8979b47025b834180494c58d77fcf16a6a9a861 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	241 B	2023-03-07	2024-04-18
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-18 08:23:10 Times Seen3041 Hash 825899569915b84f68b26d0cd783de56 25980612702ec59729cd51a1ae4889d90b2d81c0 5d5f9e205ad51e722a55d693a4a02c4e55728ffc4d19cc3b2fcf36d6aea17536 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	366 B	2023-03-07	2024-04-15
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:11 Last Seen2024-04-15 01:27:42 Times Seen586 Hash 40f2114f951199cb58a18a09aced59ac 2e8668b1491bc84c8cb4b968c52367a7d0ca83be 5bd0b29def7bdcfa084a85c9f395f801cb264976c7ae682d944c37d05d7ef97a Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/js/app.js?id=15b1bae461854d516179	977 B	2023-03-07	2024-04-20
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/js/app.js?id=15b1bae461854d516179 IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-20 00:08:56 Times Seen3063 Hash 15b1bae461854d516179a34a8c9b5f08 330c1d191253fe07c5fe6b5af37872408f2e5904 1bd25e467ea078265aee433e0cf9732a7e127514304634590a2de17fb2330896 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	103 B	2023-03-11	2023-03-11
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:46:58 Last Seen2023-03-11 19:46:58 Times Seen1 Hash 5d1df78e55643dedb5987445e11dd1d1 98239f95ddcabe93309a58e1032c5478745b6c4f 5f7fb3e90aec574316907c45726bac84066432dd42f584442e4f4e68f8444721 Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	879 B	2023-03-07	2023-04-05
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2023-04-05 02:10:58 Times Seen280 Hash 6773165f880d9c5aee5e7eebe7b73621 684a5d8200ae966b0da79881d6691cdf1ee584d1 6edcdc5cc151163e6547e5bbaff85aee07dfd9d0d270c6d8e72ac992976165ed Loading...

	officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com	40 B	2023-03-07	2024-04-20
Pretty URL officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com IP 54.230.111.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-20 00:15:36 Times Seen3863 Hash fe0dc8d4915af0701a005086d0696180 2e65cc10554fde204edbde4d3b1e4fedff82cfa7 909b1dec809484d438fc8a24deba298ffbed61663709c5f0a5302746a8ac41be Loading...

		Size	First Seen	Last Seen
	#1 Eval - 07bec1b3326b1fc4a5d0b39761a55859	80 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 19:46:58 Last Seen2023-03-11 19:46:58 Times Seen1 Hash 07bec1b3326b1fc4a5d0b39761a55859 0c97207071e4aa2f87377f4650b99670d954e0e8 7fbd16b27fb914f4f8fa30af6a87673ea6b052a1c68bb669f364a2b84b76322e Loading...

		Size	First Seen	Last Seen
	#1 Write - 8b36e9207c24c76e6719268e49201d94	6 B	2023-03-07	2024-03-04
Pretty Observations First Seen2023-03-07 01:19:05 Last Seen2024-03-04 05:56:46 Times Seen377 Hash 8b36e9207c24c76e6719268e49201d94 2b681c0a24baff8899d7163cc7f805c75e1f44e4 ce770667e5f9b0d8f55367bb79419689d90c48451bb33f079f3a9a72ae132de8 Loading...

	#2 Write - 6352c39cd4969a56bce1b6eea4e81b9f	79 B	2023-03-07	2023-05-18
Pretty Observations First Seen2023-03-07 01:03:11 Last Seen2023-05-18 19:45:28 Times Seen45 Hash 6352c39cd4969a56bce1b6eea4e81b9f c698e9d14aed2b5f6587dfc0a828aab2381698bb 2cb1881291bb11e8f4e9709dfbfe650118178bbb91f361e903f14b3a5bf49886 Loading...

HTTP Transactions (42)

URL IP Response Size

officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

54.230.111.129

200 OK

4.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1226)
Size
4.1 kB (4056 bytes)
Hash
ec76ed45eede226aaf22cadf9affa29d
9eeed772b8b25ffd8ab88607d0144da70d2aafae
5f6ecd00a6c3b27bc6a8bee81cb190269418205fcca79b0a0d412d2182574c34

HTTP Headers

GET /1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 24 Nov 2022 21:13:17 GMT
ETag: W/"58e4ac8c593e2766a573ff7a8ae00eb5"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TQ8K_700OB7mB8B1qBkh-BOWJZBIR3q0AIzDVGBN2i1LT6uHGIAYpQ==
Age: 49010

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6407
Expires: Fri, 25 Nov 2022 12:36:53 GMT
Date: Fri, 25 Nov 2022 10:50:06 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 545
Cache-Control: max-age=85810
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 10:50:06 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 10:40:16 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 10:19:05 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1861
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10664
Expires: Fri, 25 Nov 2022 13:47:50 GMT
Date: Fri, 25 Nov 2022 10:50:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8o5TDLfmRTK2X4sY4gA1F098IdNXqF/RW5VFALcUeMkyNcN3C0pVDoJOzGHWT/KYFwKOsz84azs=
x-amz-request-id: NZV17TFWZQF8RAHF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 10:43:48 GMT
age: 378
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

officialgifts.xyz/1/prizewheel/cash/ngcashn/css/landers/prizewheel-fb/app.css?id=cd41123a11e97e0f2444

54.230.111.129

200 OK

1.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/css/landers/prizewheel-fb/app.css?id=cd41123a11e97e0f2444
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3495), with no line terminators
Size
1.1 kB (1095 bytes)
Hash
ba8a1435ff223b2909706f678310def7
6d945ed87239f4b1544ee080873e3aacd70ac653
cafe68f02f3d4331a25a26a8419497011c8d18b583064f9ad7eacc167a5f5081

HTTP Headers

GET /1/prizewheel/cash/ngcashn/css/landers/prizewheel-fb/app.css?id=cd41123a11e97e0f2444 HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 24 Nov 2022 20:03:12 GMT
ETag: W/"cd41123a11e97e0f2444b57d180631a0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rKPHzFTjT3vXKwh2P4piS8ZHn1xQwnUEOqc8i369tZQXAlrirNOcow==
Age: 53215

officialgifts.xyz/1/prizewheel/cash/ngcashn/js/app.js?id=15b1bae461854d516179

54.230.111.129

200 OK

977 B

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/js/app.js?id=15b1bae461854d516179
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (977), with no line terminators
Size
977 B (977 bytes)
Hash
15b1bae461854d516179a34a8c9b5f08
330c1d191253fe07c5fe6b5af37872408f2e5904
1bd25e467ea078265aee433e0cf9732a7e127514304634590a2de17fb2330896

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/js/app.js?id=15b1bae461854d516179 HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 977
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 10:49:59 GMT
ETag: "15b1bae461854d516179a34a8c9b5f08"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FTHgK8oRS13jaFlVDr88BcVuQucvPse7u26AsvD1SMZB56X5tl8c7Q==
Age: 5275

officialgifts.xyz/1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6

54.230.111.129

200 OK

52 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65475)
Size
52 kB (52342 bytes)
Hash
efcc82bafbcfac0863bfede2ac01b7a4
0ba4a5dac6abc75b99c0e5baf7d7e00868d41ebf
fa73a5603bc0b105df30b50e376ccde230e9b76433ea78e7c9f6f7f261c670c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /1/prizewheel/cash/ngcashn/js/landers/prizewheel-fb/app.js?id=c3c399d8b44b50eee3e6 HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 24 Nov 2022 20:03:12 GMT
ETag: W/"cdf97653c213f02233f50a1ec975633c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: A5sjEMGF3yCkzzFKQP8FzYSaTZ77-8_l1r7iwDAocLFItsWktzcSGw==
Age: 53215

officialgifts.xyz/1/prizewheel/cash/ngcashn/css/app.css?id=c588c17324f2be0e0ec9

54.230.111.129

200 OK

33 B

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/css/app.css?id=c588c17324f2be0e0ec9
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
c588c17324f2be0e0ec90a18f39e7d7c
69d360eddd15f527aac7f7e610346517732b7770
b83e8830b6b2f1253a78f90191cf1087e8fd7638831fd4c1376a7a6029297240

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement
fortinet	Phishing

HTTP Headers

GET /1/prizewheel/cash/ngcashn/css/app.css?id=c588c17324f2be0e0ec9 HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 33
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:31:54 GMT
ETag: "c588c17324f2be0e0ec90a18f39e7d7c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9NYq1pJvDRNxovb-PV8a3iLCmEDGiG5b3NxaNVfPcCgLdC4ujsc-KA==
Age: 19093

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 10:50:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/notification.png

54.230.111.129

200 OK

449 B

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/notification.png
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
PNG image data, 30 x 28, 8-bit colormap, non-interlaced\012- data
Size
449 B (449 bytes)
Hash
bd5203f2cc9e7a9125e4575e029541b0
9fa565ab2f4b55da4735b79e529562252b3c9afe
db94c8ae725f947f20e12df29e6b6c8ade5ffcd5a7dc9ffd9be0351d963f826f

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/notification.png HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 449
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 08:49:34 GMT
ETag: "bd5203f2cc9e7a9125e4575e029541b0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NC5hrEsxa_mZhTbuh2JZj8Wy98OseBM2RKGhhT-r5iMZ4BbBespsOg==
Age: 7233

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/loader.gif

54.230.111.129

200 OK

5.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/loader.gif
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 50 x 50\012- data
Size
5.1 kB (5083 bytes)
Hash
ed786659a534e0d183c09a90c50abc9d
a6c3d90bfaa86a7cda490bc5d04c8939c31a414e
cbaeb154dcb93bff5f6e382cede5d51a11175a2295e56bb2790611910280ba97

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/loader.gif HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 5083
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:31:54 GMT
ETag: "ed786659a534e0d183c09a90c50abc9d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JLkuT4tvsg-ZElllLf_ZYZx3TjAAjLoBOXKc_gRVYQAq0IyEbwUTpQ==
Age: 19093

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/default@0.5x.png

54.230.111.129

200 OK

50 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/default@0.5x.png
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
PNG image data, 250 x 179, 8-bit/color RGBA, non-interlaced\012- data
Size
50 kB (50312 bytes)
Hash
f7b097df011b0dc3a43b4da028057c6c
d1235aca11ade4d28485030479791f31395d8a45
5714eae7a2f7410b716491fa80a058c617c7d1104064638ba27017ad47fc3e2a

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/default@0.5x.png HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 50312
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:22 GMT
ETag: "f7b097df011b0dc3a43b4da028057c6c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yhuRXQiTrFK-moRVUS1N8z3ihA5dta33fy_AqQsynpUQIZP3v_Na2g==
Age: 19065

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_spinner.jpg

54.230.111.129

200 OK

32 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_spinner.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1002x1002, components 3\012- data
Size
32 kB (32496 bytes)
Hash
d4655cba21d806e849eed4e4119fbe1a
6453039d85005643e9d65074ca022f63b5d47cdd
90f2363aaebaf03f06fb20c6c02fb2e97497d7cd54b611281303ce7e10335ee7

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_spinner.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 32496
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 08:50:10 GMT
ETag: "d4655cba21d806e849eed4e4119fbe1a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e5jkusbaGgbBC_Z7mXzdsmdLMVpylSJ3knxI11X-l1sf-3tiRt0XnQ==
Age: 7197

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/9@0.25x.jpg

54.230.111.129

200 OK

3.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/9@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
3.1 kB (3146 bytes)
Hash
4c30d4f61201b822adcfa58dbe32389c
9d9edd23a3b074135d9e043b5d1e52d8dbe29c91
19d491c137daf159170ed6d6340c33b11806347b18b2e89840989b914346d9f4

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/male/9@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 3146
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 03:13:29 GMT
ETag: "4c30d4f61201b822adcfa58dbe32389c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HJu5HctLRWs0bp3WY6lpJ9MzMzXduwQ2qwmr0eo7d4yBrF_jvPOYrA==
Age: 27397

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_static.png

54.230.111.129

200 OK

3.4 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_static.png
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1002 x 1002, 4-bit colormap, non-interlaced\012- data
Size
3.4 kB (3370 bytes)
Hash
dc484e0043b5ff6191b1880c8779863c
a5b67e3dff3dea3940eed090431aecbb36611b1d
30bc059973d84a6e1d22d16747bce062025561f2555cdd9cec012a87866abcb6

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/landers/prizewheel-fb/prizewheel_static.png HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 3370
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 07:50:53 GMT
ETag: "dc484e0043b5ff6191b1880c8779863c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 173EQr6S8yl7By2pgKb6xn0G_1ZXBdbPPNRdR9orcAGrnLyh6VnJPA==
Age: 10753

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/3@0.25x.jpg

54.230.111.129

200 OK

2.7 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/3@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.7 kB (2727 bytes)
Hash
2790f79b7e764407ae4b87a9dc30734b
30f0a1e4d30ac25108f2d0487f49944fbe630b72
8970ba9af5b39727ac25d42ab540c42ae7f58de4011fadb8efd2f5f317a8d575

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/female/3@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2727
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "2790f79b7e764407ae4b87a9dc30734b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WjHAljCkbRBNGbQ8x8S9UL0SAKZWgCR1fXuA8k29EcMPy47ml2u94Q==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/3@0.25x.jpg

54.230.111.129

200 OK

2.5 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/3@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.5 kB (2518 bytes)
Hash
2c188d082f97b0a5b29c92dbaf7a9787
f2a3828b68ba4d06d450832a977c48a22360d5eb
afc758b894177d4003b5d02d80cd023429c99cfc3cd880804570d237cf6a96f0

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/male/3@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2518
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "2c188d082f97b0a5b29c92dbaf7a9787"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jSnpr_c61UvTmTCF0luE7vTpRC7wAAwDVrTs7LaSPw_v9Ue03XB-wQ==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/10@0.25x.jpg

54.230.111.129

200 OK

2.3 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/10@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.3 kB (2302 bytes)
Hash
2ec37a714ba9202b2492cc1eff504041
29d005604784110044c80c13610ec1fe946a7d83
278b0f8b52650d39e549fc69ea49d62d3bdd0c41b3ffd939da265842b6e40369

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/male/10@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2302
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "2ec37a714ba9202b2492cc1eff504041"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mHHxlPOz_m-U8Y8Jdb6-Rf1mRsH-UgyxnM9xla9ZQYi8XhDjdqlCkg==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/6@0.25x.jpg

54.230.111.129

200 OK

2.8 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/6@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.8 kB (2766 bytes)
Hash
af242991b9a56424739c63a6bd4090a7
7b41b3b2cfbbe69a865efa8863883bf029738b6e
c53bda952fa4ca1869dfb4fd7db948ef87f1a8c8f2e6633e2320465f01f0829f

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/female/6@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2766
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "af242991b9a56424739c63a6bd4090a7"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e-qjz7hN7iBSMMGYaGTy7HDQzn11en9GS32JxFYepwAWc7YyNtkrpw==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/proof.jpg

54.230.111.129

200 OK

51 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/proof.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=523, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=768], progressive, precision 8, 160x109, components 3\012- data
Size
51 kB (50746 bytes)
Hash
ab1390c6bf82ba2695703b4de58813dc
091757351d862fa64281d74131a92014606a6813
0609d377911d2b2874a42ef9cc9916efb758070eb1d1420f3ec2b6d36f82e75a

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/prizes/iphone-12-pro-max/proof.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 50746
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:11:35 GMT
ETag: "ab1390c6bf82ba2695703b4de58813dc"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UR5jupUWRz3t6PfI9eUfO6OJ5GitOQns1_GAgBlgKZW7_k6XrTNGaQ==
Age: 20312

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/5@0.25x.jpg

54.230.111.129

200 OK

2.0 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/5@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.0 kB (1960 bytes)
Hash
732da0e5f3968ec3d9014a6bbb62c04a
5d306c8778fdcac19f03542fccaf31df1cb8a783
d3eefd5709b25e1bb1129cccb1da22e54816cb2d15a2ed4cfa045b57579a7ef8

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/female/5@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 1960
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "732da0e5f3968ec3d9014a6bbb62c04a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ty_B9TWVKkn0Fgtr1g0zTUnghDD_krQmXJgYV-F1xkZtcJKcqToK0A==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/1@0.25x.jpg

54.230.111.129

200 OK

2.8 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/female/1@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.8 kB (2781 bytes)
Hash
9ef452251daa9ff9fbdc5fe827a35061
2cb40a02efce5fd8772f57b8e9737018fed3f9ba
355126576c7a0bdbbe771a2b039d093c855efe6805941a36456324a2076e2ce1

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/female/1@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2781
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:32:55 GMT
ETag: "9ef452251daa9ff9fbdc5fe827a35061"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Gn12l3ITOVh-uL58GWfcjBUipEPnFMto7-p861OQ79pn0d1JTo0QKA==
Age: 19032

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/2@0.25x.jpg

54.230.111.129

200 OK

2.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/profiles/african/male/2@0.25x.jpg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Size
2.1 kB (2053 bytes)
Hash
0f15632c24d4646c58f30feaa3baaa8a
a7f319366432f5a63d7f11d30b0a6c9cb6398b64
4118d09fb21a7f34160f470078f6dcba042e8a07e2b4e32de12a4dcd9c5e7da8

Detections

Analyzer	Verdict	Alert
urlquery		Scam / Brand infringement

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/profiles/african/male/2@0.25x.jpg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 2053
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 25 Nov 2022 05:11:35 GMT
ETag: "0f15632c24d4646c58f30feaa3baaa8a"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vW7ZHKB6-QyuVeXafiZmmBID4rzZ0FyLNBJ8MxDquaQVjSJNyDtnFA==
Age: 20312

officialgifts.xyz/1/prizewheel/cash/ngcashn/img/fb-like.svg

54.230.111.129

200 OK

2.1 kB

URL HTTP/1.1
officialgifts.xyz/1/prizewheel/cash/ngcashn/img/fb-like.svg
IP
54.230.111.129:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4627), with no line terminators
Size
2.1 kB (2062 bytes)
Hash
6339f263a7bd6246056bda98ae188336
60b93c1930cef992fac533e306c6e1033f95e028
0068899ef50e4bcb1827c1ce475827d3d82e2ddd8a24e578a5c669a613aa7fa2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /1/prizewheel/cash/ngcashn/img/fb-like.svg HTTP/1.1
Host: officialgifts.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/1/prizewheel/cash/ngcashn/index.html?domain=continuetosite.com&brand=Google&bemobdata=c=b8fc33c3-b74c-4958-9447-21104c7eddf3..l=a3d45b74-f99f-4b55-bde2-cf376baa3991..a=0..b=0..r=continuetosite.com

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 09:25:40 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 25 Nov 2022 05:14:48 GMT
ETag: W/"765203989756e91925e8f947e660b644"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u2GNxe0b9Sw63oW05y7PBJRMyelv3gqvwyiPi7EWCk-g5UueEedNsg==
Age: 20119

desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js

139.45.197.250

200 OK

27 kB

URL HTTP/1.1
desekansr.com/pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27347 bytes)
Hash
44702f11a7b61f534fecc7809465cde9
418254b9eb4bbc21b9d839e6db5b56bc474a62dd
4b8b8b52ce1028e5877b71ac5b3e93867207d3030f31ee9deaec2eda11e4263c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://officialgifts.xyz/

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 10:50:06 GMT
Content-Type: application/javascript
Last-Modified: Thu, 24 Nov 2022 15:53:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"637f9392-12fca"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 10:08:53 GMT
cache-control: public,max-age=3600
age: 2474
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5906
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 10:50:07 GMT
Last-Modified: Fri, 25 Nov 2022 09:11:41 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.39.96.8

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.96.8:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4TYvt8JbdpEX4wFZFhF2Ug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XsZzn6Q5fMGRdT+OXfbKuMGNU8w=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 10:50:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 10:50:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 10:50:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 10:50:08 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14496
Expires: Fri, 25 Nov 2022 14:51:44 GMT
Date: Fri, 25 Nov 2022 10:50:08 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11743 bytes)
Hash
8784bb7a8b88736a6016f712e3183bf3
b0ddc1555d2506177adcdcea77864d75f1245d07
8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oWSNdsrz59sJC2znLnFqa_Zm3T14_d6j-rjzDQe4yV22Dy2Qc4Swaw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:45 GMT
age: 46524
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3955 bytes)
Hash
4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 23229
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6385 bytes)
Hash
f6292a2988fb4505d0098553b8e99ddc
9b8aafcda0e22edcc16d3048f4b88659d3b42419
16b7b473229c5e519ab81b385c50277424f3f3b2a5d7647035e84ba58e44f3be

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6385
x-amzn-requestid: 4c2a84f7-f038-4f5a-86c2-5c8ce1a48c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cI5NVFMAoAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63803bee-45c6411c2430e2375f530dd8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 03:52:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fj82i9qJmEiUy2DOkkowq8WRyzupMwNyQqu110sJ3o72HEW4yb7bjQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:35:26 GMT
age: 11683
etag: "9b8aafcda0e22edcc16d3048f4b88659d3b42419"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8006 bytes)
Hash
8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NntLZ3wUdcX9kEo-afFLU0TPKgqAlSK3bToNh2mmoqoyLBJINNk7ow==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:54:39 GMT
age: 46530
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11249 bytes)
Hash
481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:46:20 GMT
age: 11029
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dfd2143-7cf2-4a28-b8bf-bc3121d6a4d8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10950 bytes)
Hash
4abf25d4a15ce58edadd54994b3434a2
18800e21d05596f7b64213072dee7dda5c1faf61
633138e70f43e2be9cc447967044c4070bfc4d9285e5228361bebe255dc286e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4dfd2143-7cf2-4a28-b8bf-bc3121d6a4d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10950
x-amzn-requestid: 9bb73841-83d9-48b2-8c79-f00a57612b4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFNstFeZoAMFopQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec31d-4e6aafd367c7740c77df133b;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:04:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tCG6Llkb9UHrJDHyxk5RgLkQ3Cds3dXRc0uMhy_9GbnzgMWk5UBS6w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:04:29 GMT
age: 74316
etag: "18800e21d05596f7b64213072dee7dda5c1faf61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5d608c50d2b9b484de63149c6a59a661
f33ce6432abeaf5369dbbff4218a09fc7f85452a
49d236c8214bafbef86e380e32aa49c041f0f4df2ce508de9842191c1fa8f9ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49D236C8214BAFBEF86E380E32AA49C041F0F4DF2CE508DE9842191C1FA8F9FF"
Last-Modified: Wed, 23 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18162
Expires: Fri, 25 Nov 2022 15:52:56 GMT
Date: Fri, 25 Nov 2022 10:50:14 GMT
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations