Report - cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5833048&axcusid1=726858ccd4&clid={ymid}&r=https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret={var_4}&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357

Report Overview

Submitted URL
cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5833048&axcusid1=726858ccd4&clid={ymid}&r=https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret={var_4}&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
IP
172.67.149.153
ASN
#13335 CLOUDFLARENET
Submitted
2023-05-29 15:31:20
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-29	330 B	963 B	104.18.14.101
datatechone.com	unknown	2021-12-24	2015-06-17	2023-05-29	530 B	465 B	139.45.195.253
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-29	1.3 kB	2.8 kB	142.250.74.131
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-29	866 B	145 kB	142.250.74.168
psaudous.com	unknown	2021-04-01	2021-04-30	2023-05-28	532 B	2.5 kB	139.45.197.239
datatechonert.com	46154	2021-12-24	2021-12-24	2023-05-29	534 B	483 B	139.45.195.253
cdn-adef.akamaized.net	125719	2014-03-18	2018-02-06	2023-05-28	3.3 kB	3.1 MB	23.36.76.96
offerimage.com	304078	2019-06-10	2019-06-10	2023-05-29	1.8 kB	57 kB	104.22.32.172
cdntechone.com	64371	2021-12-24	2021-12-24	2023-05-29	403 B	19 kB	172.67.149.153
niwooghu.com	unknown	2022-04-01	2022-04-01	2023-05-29	6.5 kB	38 kB	139.45.197.237
rewardarium.com	unknown	2023-04-05	2023-04-06	2023-05-29	2.5 kB	61 kB	172.67.164.207
www.mysexymatches.com	unknown	2022-02-14	2022-04-23	2023-05-28	1.7 kB	22 kB	52.17.88.125
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-05-29	884 B	1.4 kB	139.45.195.8
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-29	866 B	20 kB	142.250.74.35
s.exv6.com	unknown	2021-07-21	2022-03-16	2023-05-28	475 B	433 B	95.211.229.248
i.th61.com	unknown	2013-11-07	2023-04-06	2023-05-29	459 B	578 B	172.67.146.173
stootsou.net	145219	2021-04-03	2021-04-05	2023-05-29	3.5 kB	122 kB	139.45.197.250
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2023-05-29	1.0 kB	1.0 kB	139.45.197.250
tzegilo.com	unknown	2022-01-14	2022-01-14	2023-05-29	400 B	18 kB	172.64.104.21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-29	medium	www.mysexymatches.com/js/pushjs/1.0.0/utils.js
2023-05-29	medium	www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-05-29	medium	amunfezanttor.com
2023-05-29	medium	amunfezanttor.com

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	niwooghu.com/400/5776801?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4	83 kB	2023-05-29	2023-05-29
Pretty URL niwooghu.com/400/5776801?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 17:31:21 Last Seen2023-05-29 17:31:21 Times Seen1 Hash 711ce8ded536d0eacc52ae0bfad0f0ef c6cc48d4f26b43d45a9812d05fb723622e41d3a4 7e47e699a59a424c48952ab37efe26edb1ada83af10a921fd24e763ae6080d30 Loading...

	cdn-adef.akamaized.net/landings/277419/1669995966/js/MB_push_NEW.js?1669995966	671 B	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277419/1669995966/js/MB_push_NEW.js?1669995966 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-04-21 23:30:57 Times Seen3708 Hash 533a9cb9c41907529c3d603edb25d5d9 222bee472465971cf71bfa210d04136eb765ccc0 45d257677164ebc2c1fd4ff44b4ee5a1ce9c87682f165836a3e38113d1e09eaf Loading...

	www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779	391 B	2023-04-05	2024-01-22
Pretty URL www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779 IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 09:54:56 Last Seen2024-01-22 06:10:19 Times Seen1908 Hash 5309ed40ce506ad3835aaf9cdb58936e 7f28dc0bbdc514c5facdf048c7675d982d99f8f1 a708a632a45c8428d88229a757ef59a135f2706e6dff043f11a45c4e4dbbd9b6 Loading...

	www.mysexymatches.com/js/pushjs/1.0.0/utils.js	7.1 kB	2023-03-07	2024-04-21
Pretty URL www.mysexymatches.com/js/pushjs/1.0.0/utils.js IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-21 23:30:57 Times Seen4796 Hash 711c7ecda710a342d24faef1dec76ede d1b38489603a2aecc2be5edb4fa4cd8d442fe727 41a5e34d6777a471d63211252ce51555815b728949dc81cec01414f4ffdb98eb Loading...

	moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js	2.3 kB	2023-05-05	2024-04-26
Pretty URL moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38:25 Last Seen2024-04-26 19:57:01 Times Seen9701 Hash 32d439c9ec8c789e843ae58b6774681c deb2c661dacf46eb3a1eacbba3e430dcf10cc395 f65e83801e16f98e150ae8843afb4c98c0b3ac0fa7fbe5a5ec687b08119732d6 Loading...

	rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357	16 kB	2023-05-25	2023-05-31
Pretty URL rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 IP 172.67.164.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-25 18:09:09 Last Seen2023-05-31 10:32:04 Times Seen22 Hash 722185117c72407dadaabd67436a0c53 3b8b56e5c6c02a4fac4274a1a4f43c4a1b0d7ae6 dcdf7ec305b07626514ce2e59002c4bbc001f8f367e4395506cccbc5003fdb0c Loading...

	unknown	103 kB	2023-05-29	2023-05-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 12:35:10 Last Seen2023-05-30 12:09:27 Times Seen109 Hash 19678cef80198d8a463db9289f79aef1 45dc8eb1b189024ddb86e06f6bd06b198120e1e6 c979990265d661f6d46410445dba4fd7cb904440e60d67f9454ea6d6db417814 Loading...

	cdn-adef.akamaized.net/landings/277419/1669995966/js/jquery.min.js?1669995966	86 kB	2023-03-07	2024-04-27
Pretty URL cdn-adef.akamaized.net/landings/277419/1669995966/js/jquery.min.js?1669995966 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-27 06:25:49 Times Seen384962 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js	9.4 kB	2023-05-23	2023-07-25
Pretty URL www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 13:07:49 Last Seen2023-07-25 20:18:06 Times Seen1187 Hash 9a76092417bab7e2f25aac9bb01c6a91 07158fa1c2bd1f320b4401b1a535430afe66655a 788a5bacebaac190a447e071de8c171e7f8baa55be95df07621b24ea4fb667a2 Loading...

	rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357	844 B	2023-05-10	2024-02-04
Pretty URL rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 IP 172.67.164.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-02-04 18:18:02 Times Seen184 Hash da83f3f67e1427b1b2912ec051d442ac 19b98e18b4d7551cb78786195b0ac3f13d44655f d8fefe93838b19fd7c382e7e94adfc981e4176ae5ea94ee2a0a90cfc3ac58d1a Loading...

	rewardarium.com/sandbox%20eval%20code	123 B	2023-05-05	2024-04-26
Pretty URL rewardarium.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38:25 Last Seen2024-04-26 19:57:01 Times Seen7419 Hash 239166f4d1bda569909c9af241098419 ad3987a93224de5c735c7c380daf5bfaecf60ac8 255566913e81e0587539abba68839777480779575271b734e817e7093f4dceec Loading...

	unknown	1.8 kB	2023-03-07	2024-01-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:22 Last Seen2024-01-22 06:10:19 Times Seen1898 Hash f635f3356b851f81cd3544c628a404d7 1e5b2e303492351cb8e8de3c5569d69d005acce4 2d39b7df8163f76195f1f28e837d34a8de00f146db22be3ea3b91c925ea044fd Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js	36 kB	2023-03-07	2024-04-21
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-04-21 23:30:58 Times Seen11070 Hash 0cb7a0eb328ea70ab360f861314c8820 e3e20eb50dae36f4cbcef1890b1cc7878acb537a 4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9 Loading...

	stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687071612299916065&var=zd_5833048&var3=726858ccd4	15 kB	2023-05-29	2023-05-30
Pretty URL stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687071612299916065&var=zd_5833048&var3=726858ccd4 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 12:35:10 Last Seen2023-05-30 12:09:27 Times Seen92 Hash 83f6e56a3b901fac2707ecccf0965f09 995200921efdbeb113f3ef2673940ddb67ea1c43 cecd92849ee17cc9ac45fca3d6219454f117ad03bbc4c94d76297c482448c0f3 Loading...

	cdn-adef.akamaized.net/landings/277419/1669995966/js/main.js?1669995966	164 kB	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277419/1669995966/js/main.js?1669995966 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-21 23:30:57 Times Seen3930 Hash a0f4da40bd81c65d824afc106743d47f 55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ	152 kB	2023-05-29	2023-05-29
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:10:17 Last Seen2023-05-29 22:45:55 Times Seen8 Hash f7072dedb53e96568a10af67ed16e205 ae597976abad4552f9cbcf944dcb06b0e97f0022 d436bdd39b57dd900eb9d31ec680545610a779b4fb5cecac4614995cf7d2cab0 Loading...

	rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357	190 B	2023-05-10	2024-02-04
Pretty URL rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 IP 172.67.164.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-02-04 18:18:02 Times Seen184 Hash da008c9bc760ff0122c71b55fc16c512 a07ba07634f6a8f6a937e90b34d8440876396832 30a4bff1b5332bdf1f3c643ba78d60626589944b9f94a6a444ddce76b37cc176 Loading...

	rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357	390 B	2023-05-10	2024-02-04
Pretty URL rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 IP 172.67.164.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-02-04 18:18:02 Times Seen184 Hash cbf570f04431e4be78453c93dfc41729 27c7be0bb145ff5f85be32107b1be536983e7356 43649afdd5bdc0df08cdea23986fa0a7b2c1e2da389ec9715fc38b72dc9d1dbf Loading...

	rewardarium.com/00a08dba-48c4-4771-b8cb-32c07d361fe1	21 B	2023-05-02	2024-02-04
Pretty URL rewardarium.com/00a08dba-48c4-4771-b8cb-32c07d361fe1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 01:31:34 Last Seen2024-02-04 18:18:02 Times Seen190 Hash b11a16e856ed427b41a1a9b57424ae10 02e2fbdc94b155e6fc7c35f85d2daa6d279dbabe 6aae7759a4341d69e02c86cefdf85f822416a27a9aeb5a758a70a8f8cdea5fba Loading...

	www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ	263 kB	2023-05-29	2023-05-29
Pretty URL www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 17:31:21 Last Seen2023-05-29 19:02:03 Times Seen6 Hash 8c6e8a33435c75290b7e60887bb9f13f ea0f7401f5ef953456cbbe35c856b257047bff28 1d9e05f51695de2c4b7e38dc90bbf1505bae6997be464252ff602abdfdbe2a04 Loading...

	tzegilo.com/stattag.js	18 kB	2023-05-22	2023-09-06
Pretty URL tzegilo.com/stattag.js IP 172.64.104.21 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:37:35 Last Seen2023-09-06 23:37:01 Times Seen3156 Hash dd2f9f2bb1e1c74b905556d0a7bc5545 0c831c8c56da8167b9e2dfd1d3eb3288348da85d 63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663 Loading...

	www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779	0 B	2023-03-07	2024-04-27
Pretty URL www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779 IP 52.17.88.125 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:34:22 Times Seen37112957 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357	329 B	2023-05-10	2024-02-04
Pretty URL rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 IP 172.67.164.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-10 22:17:03 Last Seen2024-02-04 18:18:02 Times Seen183 Hash 4c9a9cb26ff0be1ae596d884a738ea0a 8c86213c17adb91b4d8b290c5fbf9877e3902ad8 f2a31793286d483a8c1d7d18125cce9604554ecc6f4961fb776749f79f251c81 Loading...

	cdn-adef.akamaized.net/landings/277419/1669995966/js/backoffer.js?1669995966	430 B	2023-03-07	2024-04-26
Pretty URL cdn-adef.akamaized.net/landings/277419/1669995966/js/backoffer.js?1669995966 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-26 20:18:02 Times Seen5806 Hash 6d5aa83d23ce0b9f72d3b87d000d8fae 034fb8768eb58ffc0b5849e2c162989741a6cbec 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800 Loading...

	cdn-adef.akamaized.net/landings/277419/1669995966/js/secondofferv2.js?1669995966	1.2 kB	2023-03-07	2024-04-21
Pretty URL cdn-adef.akamaized.net/landings/277419/1669995966/js/secondofferv2.js?1669995966 IP 23.36.76.96 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:20 Last Seen2024-04-21 23:30:57 Times Seen3751 Hash 9bbe216b8e526fd98d219f2b91ccaa57 3f5d1be91ba58b6501c022155fe6778ce82b1663 1c83d2863f746a234e46c5578826ceeb8cbe126bc4c274ca679295441c44b948 Loading...

	www.gstatic.com/firebasejs/5.0.2/firebase-app.js	25 kB	2023-03-07	2024-04-21
Pretty URL www.gstatic.com/firebasejs/5.0.2/firebase-app.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:22 Last Seen2024-04-21 23:30:58 Times Seen10994 Hash 9164d0e8a317eceb870cca88c9683127 4617c910005f7100b4ff26a458a8b4463e33cdc6 15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931 Loading...

	cdntechone.com/stattag.js	18 kB	2023-05-22	2023-09-07
Pretty URL cdntechone.com/stattag.js IP 172.67.149.153 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:28:01 Last Seen2023-09-07 08:45:40 Times Seen4488 Hash 0fdff67feab23cc69ecfb6800fc54cb7 eb84c650e6d27e290795207b1f37dd7b67f2aa06 456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378 Loading...

HTTP Transactions (51)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
45c44320445221beacf6cb407a7724b0
6123b952d3ee7cd14358b82305e95c73cba0d906
ce74ba8d47e2cf668b51f8394d3a99e83bf7056e819762e55287712b46a1299b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 29 May 2023 15:31:00 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 May 2023 02:07:07 GMT
Expires: Mon, 05 Jun 2023 02:07:06 GMT
Etag: "6123b952d3ee7cd14358b82305e95c73cba0d906"
Cache-Control: max-age=557164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cefc829afecb524-OSL

datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853

139.45.195.253

2 B

URL
datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP
139.45.195.253:0
ASN
#9002 RETN Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1593
Origin: https://cdntechone.com
DNT: 1
Connection: keep-alive
Referer: https://cdntechone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 29 May 2023 15:31:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://cdntechone.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf41763493034cf0721a38e55b1b3ddc
286ada2e9811dec033e7c630fa0c33a036771ae1
8bb566767ad110bd2452aca59b4190694cce97ab9601de46067d8643efaad86d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:31:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ

142.250.74.168

200 OK

88 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-F0JFDXF7TQ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (6408)
Size
88 kB (88261 bytes)
Hash
8c6e8a33435c75290b7e60887bb9f13f
ea0f7401f5ef953456cbbe35c856b257047bff28
1d9e05f51695de2c4b7e38dc90bbf1505bae6997be464252ff602abdfdbe2a04

HTTP Headers

GET /gtag/js?id=G-F0JFDXF7TQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 29 May 2023 15:31:01 GMT
expires: Mon, 29 May 2023 15:31:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88261
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf41763493034cf0721a38e55b1b3ddc
286ada2e9811dec033e7c630fa0c33a036771ae1
8bb566767ad110bd2452aca59b4190694cce97ab9601de46067d8643efaad86d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:31:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

psaudous.com/4/5776779/?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4

139.45.197.239

200 OK

1.1 kB

URL GET HTTP/2
psaudous.com/4/5776779/?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectpsaudous.com
Fingerprint74:1B:0B:1B:1B:A5:B9:16:B3:8D:1B:39:D1:7D:7D:00:8A:53:AB:D0
ValidityThu, 23 Mar 2023 05:13:48 GMT - Wed, 21 Jun 2023 05:13:47 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.1 kB (1122 bytes)
Hash
9629284291a496aca2e6b91dc7986d17
3481b84d7e4c1ef85a8f17b693a5c0802dfd1f62
fa803db275bea06d0f71994e887b4e69c9e818f65874a8913122024bda5f7e34

HTTP Headers

GET /4/5776779/?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4 HTTP/1.1
Host: psaudous.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/html; charset=utf8
x-trace-id: 31678049b49a935f8d5c5fddce833b6a
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.mysexymatches.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=c3b910da29ce46678da8d47a9e6e64c8; expires=Tue, 28 May 2024 15:31:01 GMT; path=/; secure; SameSite=None
oaidts=1685374261; expires=Tue, 28 May 2024 15:31:01 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

niwooghu.com/400/5776801?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4

139.45.197.237

200 OK

32 kB

URL GET HTTP/2
niwooghu.com/400/5776801?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
32 kB (32370 bytes)
Hash
037adbb73337c190bccb65f85db5a1fb
ea47d8cd36628614e14b1037c91bcfc5da950d88
2d9b09a6ae2169e7b9c4f288b68f8d5dc8daad0aacc677f0c2cd0b0ea8dee1f7

HTTP Headers

GET /400/5776801?ymid=687071612299916065&var=zd_5833048&var3=726858ccd4 HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
x-trace-id: fd086967c284e6a39e58bddb6040d0a9
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=6c8c5cd4a86747d190aeb33bd6c0a8e6; expires=Tue, 28 May 2024 15:31:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

datatechonert.com/log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
ValiditySun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=4fdc95c9-9001-4768-aac8-c1886405d3a9 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1465
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 29 May 2023 15:31:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://rewardarium.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

my.rtmark.net/img.gif?f=merge&userId=c3b910da29ce46678da8d47a9e6e64c8

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=c3b910da29ce46678da8d47a9e6e64c8
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=merge&userId=c3b910da29ce46678da8d47a9e6e64c8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c3b910da29ce46678da8d47a9e6e64c8; expires=Tue, 28 May 2024 15:31:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
d68bc0b1d210350ff5721f0a8a023f9f
ecbd8c7d7be449789fa742886648eb19d1fd047d
0ae500d57fb952e1043c52372c1f60d96308aad98c8ead39893f8282787ff384

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Cookie: ID=c3b910da29ce46678da8d47a9e6e64c8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c3b910da29ce46678da8d47a9e6e64c8; expires=Tue, 28 May 2024 15:31:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

rewardarium.com/sw.js

172.67.164.207

200 OK

2.5 kB

URL GET HTTP/3
rewardarium.com/sw.js
IP
172.67.164.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type
ASCII text, with very long lines (5235)
Size
2.5 kB (2541 bytes)
Hash
809c8f2863e519babd2dc405af277aa0
7a0f43bd8f81ef944627a6d83ced615d0eda962f
ecbb19ecba66133221ec0f3d6db1932b0507cc76f224b175768134f393e2033d

HTTP Headers

GET /sw.js HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
DNT: 1
Connection: keep-alive
Cookie: _ga_F0JFDXF7TQ=GS1.1.1685374261.1.0.1685374261.0.0.0; _ga=GA1.1.1891579888.1685374261
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ca2bad6cb20023661b53ea682a457ede"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siXrp5lmyxMZWi%2BsHvosFprxbQJMRVgKcM2XFSGU1Odi0hIoO8jnaQkKMbZBVFe%2F2SKLahHdWGvqbq45bxmTtCzfYffpLrreChsarwd7k%2BB1YhcDGddabpetOW%2B6kS8Y%2Bq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5229
server: cloudflare
cf-ray: 7cefc830ec8e0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 567
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: cf0e6e9e969c320328ce6f5e33b281f6
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

stootsou.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
stootsou.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 925
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3b978e86d0054b071e1bc9301e85fb28
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/277419/1669995966/js/backoffer.js?1669995966

23.36.76.96

200 OK

430 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/js/backoffer.js?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (430), with no line terminators
Size
430 B (430 bytes)
Hash
6d5aa83d23ce0b9f72d3b87d000d8fae
034fb8768eb58ffc0b5849e2c162989741a6cbec
89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

HTTP Headers

GET /landings/277419/1669995966/js/backoffer.js?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: v1f1Ns7fb7Q4cR2Ntee8ybeaybY18IfPH9BqwE0dAo018VonckiRUPfeBvuUVrbfV7OT2dETY8k=
x-amz-request-id: YXPPYDEP11K3TXZJ
Last-Modified: Fri, 02 Dec 2022 15:46:08 GMT
ETag: "6d5aa83d23ce0b9f72d3b87d000d8fae"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 430
Date: Mon, 29 May 2023 15:31:02 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277419/1669995966/css/stylesheet.css?1669995966

23.36.76.96

200 OK

1.3 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/css/stylesheet.css?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
1.3 kB (1266 bytes)
Hash
8196a9f7321975d3b06574de1095f7b8
958b12af03cee5e6b96c7d03493f126a2a3931c8
ac48eeab2289762113d8a1bc82eafa6af17cd70e2fe03bfce3b4fefb29951780

HTTP Headers

GET /landings/277419/1669995966/css/stylesheet.css?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 8+Ko1lb4bEGjQFtc0vUOloHz9qE5GWEeW5qyEH/3I1tNo6wyPeMxwj9NR1J0MaoTioNl77ksxwM=
x-amz-request-id: F34EQHW776AA2E3S
Last-Modified: Fri, 02 Dec 2022 15:46:08 GMT
ETag: "8196a9f7321975d3b06574de1095f7b8"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 29 May 2023 15:31:02 GMT
Content-Length: 1266
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277419/1669995966/js/secondofferv2.js?1669995966

23.36.76.96

200 OK

454 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/js/secondofferv2.js?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text
Size
454 B (454 bytes)
Hash
9bbe216b8e526fd98d219f2b91ccaa57
3f5d1be91ba58b6501c022155fe6778ce82b1663
1c83d2863f746a234e46c5578826ceeb8cbe126bc4c274ca679295441c44b948

HTTP Headers

GET /landings/277419/1669995966/js/secondofferv2.js?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: xT1VfiD/gDu7mGS2SB+4fEAa7xPf3tUn5q0B+kr1Sn6JzaJm3G2pSjcldU0dUusQrkTB3yljSMc=
x-amz-request-id: YXPMHDVQP0FEF9C8
Last-Modified: Fri, 02 Dec 2022 15:46:09 GMT
ETag: "9bbe216b8e526fd98d219f2b91ccaa57"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 29 May 2023 15:31:02 GMT
Content-Length: 454
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277419/1669995966/js/MB_push_NEW.js?1669995966

23.36.76.96

200 OK

671 B

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/js/MB_push_NEW.js?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
671 B (671 bytes)
Hash
533a9cb9c41907529c3d603edb25d5d9
222bee472465971cf71bfa210d04136eb765ccc0
45d257677164ebc2c1fd4ff44b4ee5a1ce9c87682f165836a3e38113d1e09eaf

HTTP Headers

GET /landings/277419/1669995966/js/MB_push_NEW.js?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: RCvhgqsVseFmfOXEnKcVyncLyjtIYNVqpZ/z9pJWd1fKjKPSySK/XYR9gYQ7bawk+9MXb9U41pw=
x-amz-request-id: 3N3F0T1ZDTHRAQZC
Last-Modified: Fri, 02 Dec 2022 15:46:09 GMT
ETag: "533a9cb9c41907529c3d603edb25d5d9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 671
Date: Mon, 29 May 2023 15:31:02 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277419/1669995966/js/jquery.min.js?1669995966

23.36.76.96

200 OK

30 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/js/jquery.min.js?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (29855 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /landings/277419/1669995966/js/jquery.min.js?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 1tdB4q9dfEQd1bC2mMotNqHRjbCEGQ0QDcnXBc8wgZ/gJd828utRw69oHtptMEmurgXovUOoufU=
x-amz-request-id: 3N39SVF38SJ7N63Y
Last-Modified: Fri, 02 Dec 2022 15:46:08 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 29 May 2023 15:31:02 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

cdn-adef.akamaized.net/landings/277419/1669995966/js/main.js?1669995966

23.36.76.96

200 OK

40 kB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/js/main.js?1669995966
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
ASCII text, with very long lines (568), with CRLF line terminators
Size
40 kB (40511 bytes)
Hash
a0f4da40bd81c65d824afc106743d47f
55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f
e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10

HTTP Headers

GET /landings/277419/1669995966/js/main.js?1669995966 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: f+QX96vu+ApDvIrT4YH3Pyrk61kjWPQIIMeKbfQF6nz+0w0be+Npchhi1miy2Nc9CT7ymeeejGQ=
x-amz-request-id: 3N3CJF20S2DP1V3Q
Last-Modified: Fri, 02 Dec 2022 15:46:08 GMT
ETag: "a0f4da40bd81c65d824afc106743d47f"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 29 May 2023 15:31:02 GMT
Content-Length: 40511
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
8c71d843aee008d4fcd281149c3b7910
b48b7730f83f710614eacb8e0a8b840364c6e862
4e3c73082360119ddec4f2e49f8973e085019565a1c3e36e286fc0aeddfd982b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Content-Length: 616
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 3d5484c397feb1d73988eb031c77d0cb
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

niwooghu.com/500/5776801?excludes=&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL OPTIONS HTTP/2
niwooghu.com/500/5776801?excludes=&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5776801?excludes=&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

cdn-adef.akamaized.net/landings/277419/1669995966/images/bg.gif

23.36.76.96

200 OK

3.0 MB

URL GET HTTP/1.1
cdn-adef.akamaized.net/landings/277419/1669995966/images/bg.gif
IP
23.36.76.96:443
ASN
#20940 Akamai International B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
Fingerprint7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
ValidityTue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT

File type
GIF image data, version 89a, 403 x 655\012- data
Size
3.0 MB (3015268 bytes)
Hash
49a2459c98974c49e78e4838a8a91020
3878cc447715455a199246de7621930bb94c0671
f27c1915d07f59b1040092c6eb696a4e450b3e70ab4988234c9c5911d3b07aef

HTTP Headers

GET /landings/277419/1669995966/images/bg.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-adef.akamaized.net/landings/277419/1669995966/css/stylesheet.css?1669995966
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: dqtHzzMTHxoqMqy5ok0cr6i0XG3miiPWIrtYO3x5nFs+znKJ/KDBo/Xj41Rdn7xfILmb3eKnrE4=
x-amz-request-id: 7P31F2ZV9F2FJ8SM
Last-Modified: Fri, 02 Dec 2022 15:46:08 GMT
ETag: "49a2459c98974c49e78e4838a8a91020"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 3015268
Date: Mon, 29 May 2023 15:31:02 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"

www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ

142.250.74.168

200 OK

56 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-MLVPDTJ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (4691)
Size
56 kB (55506 bytes)
Hash
f7072dedb53e96568a10af67ed16e205
ae597976abad4552f9cbcf944dcb06b0e97f0022
d436bdd39b57dd900eb9d31ec680545610a779b4fb5cecac4614995cf7d2cab0

HTTP Headers

GET /gtm.js?id=GTM-MLVPDTJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 29 May 2023 15:31:02 GMT
expires: Mon, 29 May 2023 15:31:02 GMT
cache-control: private, max-age=900
last-modified: Mon, 29 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55506
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

offerimage.com/www/images/98ed61d31ada31b21d7863111789ac6a.jpg

104.22.32.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/98ed61d31ada31b21d7863111789ac6a.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13438 bytes)
Hash
98ed61d31ada31b21d7863111789ac6a
f0a75b3d6fad9b6922ffc89eb6c947a1de0b409e
1b4a058a3df7d319c4daaf544c6da4278eadb32919ced9b0fc610403ae0e3977

HTTP Headers

GET /www/images/98ed61d31ada31b21d7863111789ac6a.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:02 GMT
content-type: image/jpeg
content-length: 13438
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6426a55c-347e"
expires: Tue, 30 May 2023 12:13:05 GMT
last-modified: Fri, 31 Mar 2023 09:18:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 11877
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc8344c112d7a-ARN
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:31:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 15:31:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js

142.250.74.35

200 OK

10 kB

URL GET HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
ASCII text, with very long lines (35547)
Size
10 kB (10017 bytes)
Hash
0cb7a0eb328ea70ab360f861314c8820
e3e20eb50dae36f4cbcef1890b1cc7878acb537a
4569845f7c550a55311814032e88541bd3b4a055ec3894e9cf58c4fff1be91d9

HTTP Headers

GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 21:40:27 GMT
expires: Wed, 22 May 2024 21:40:27 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 496235
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/5.0.2/firebase-app.js

142.250.74.35

200 OK

8.6 kB

URL GET HTTP/2
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
ASCII text, with very long lines (25088)
Size
8.6 kB (8604 bytes)
Hash
9164d0e8a317eceb870cca88c9683127
4617c910005f7100b4ff26a458a8b4463e33cdc6
15c9bd66992ef54979c981763cae280f28b6845520020ed38b5ab5f3f70f7931

HTTP Headers

GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 17:31:35 GMT
expires: Wed, 22 May 2024 17:31:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 511167
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.45.197.237

200 OK

1.6 kB

URL OPTIONS HTTP/2
niwooghu.com/500/5776801?excludes=&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.6 kB (1571 bytes)
Hash
db32ff7f2912cf34ef7754855c227636
19451b4e5ddf91a7accbe278d23512141ea3af2f
10d065c63420c91bb15fcfc4d8b33ebab621d59346bbea14e97f964ca0c6a8d5

HTTP Headers

GET /500/5776801?excludes=&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Content-Type: application/json
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Cookie: OAID=6c8c5cd4a86747d190aeb33bd6c0a8e6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-type: application/javascript
x-trace-id: fc79e11a4311ef6290faf2854d1a2101
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://rewardarium.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c3b910da29ce46678da8d47a9e6e64c8; expires=Tue, 28 May 2024 15:31:02 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

s.exv6.com/tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=271399252

95.211.229.248

200 OK

20 B

URL GET HTTP/1.1
s.exv6.com/tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=271399252
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerLet's Encrypt
Subjectexv6.com
Fingerprint95:DF:82:34:08:E0:F8:A7:24:C5:64:DB:75:CB:C7:E5:8D:E1:4D:6E
ValidityTue, 09 May 2023 12:39:36 GMT - Mon, 07 Aug 2023 12:39:35 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /tag.php?goal=bffb3c5e28d21c389b381a46bb5cd6e6&gtmcb=271399252 HTTP/1.1
Host: s.exv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 May 2023 15:31:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A71748%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222023-05-29%22%3B%7D%7D; expires=Tue, 28 May 2024 15:31:02 GMT; path=/; domain=.exv6.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

niwooghu.com/impression/ML26kZTe89gsB1nai-t3p_oyQpHcGX03LBUi_kOW8JgW5mUOq-GSLE_A6lS-MQT0PBFUn5ERYNC2U1tgsaT6ej9ySY8eKMESQuFDeEC3mfnpBRhHIqgNOQrpxn2rPszQmAnCS-gqmtSI0hK2y1Bdd-b_-oxfFqwzvgMepU-CeNYSthe256O7ZkTeJsNtF6Eegdo3t07wvs9FrHSlt1wQb6CJHHrRiA0lth3qS7lnusppuIqWl0x7Rw5gJsABGCIcgvA7h1RHTLC_YLNpMO-Mf8xtrT0oDK6t_eIqqelqBXoyyAXI5p5gAluZ2dzNJPThADQvjufJtv70TXd9lCPg1jOln38I1WSG3VuIGHYoHoyUu7GEVMMD7hvdc9tAGqS_4NJXeQvld4EIcWg_u0iNnWU_oIBU7FJ9T1Ewdvy26pM6YIfjgZOhep-5R8fnrpXjccffZx-BWEZ_kxLtJPWfXtQPVxcLrRQdP10xlXSMJZKDhMizpwrbPWvOOnFebwVHe2z245LAhh6aKkIu98OI5yemtfl8XUxkaU1DJZPyPZL_0z0brj4xdlxGIkHGxuPj5VBeGEmpX2_fl1I6N9KF03jWvZC-0X1GudOT8AvgZ8mFgp2vQBxzeyJhcGs7eZqZ?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL GET HTTP/2
niwooghu.com/impression/ML26kZTe89gsB1nai-t3p_oyQpHcGX03LBUi_kOW8JgW5mUOq-GSLE_A6lS-MQT0PBFUn5ERYNC2U1tgsaT6ej9ySY8eKMESQuFDeEC3mfnpBRhHIqgNOQrpxn2rPszQmAnCS-gqmtSI0hK2y1Bdd-b_-oxfFqwzvgMepU-CeNYSthe256O7ZkTeJsNtF6Eegdo3t07wvs9FrHSlt1wQb6CJHHrRiA0lth3qS7lnusppuIqWl0x7Rw5gJsABGCIcgvA7h1RHTLC_YLNpMO-Mf8xtrT0oDK6t_eIqqelqBXoyyAXI5p5gAluZ2dzNJPThADQvjufJtv70TXd9lCPg1jOln38I1WSG3VuIGHYoHoyUu7GEVMMD7hvdc9tAGqS_4NJXeQvld4EIcWg_u0iNnWU_oIBU7FJ9T1Ewdvy26pM6YIfjgZOhep-5R8fnrpXjccffZx-BWEZ_kxLtJPWfXtQPVxcLrRQdP10xlXSMJZKDhMizpwrbPWvOOnFebwVHe2z245LAhh6aKkIu98OI5yemtfl8XUxkaU1DJZPyPZL_0z0brj4xdlxGIkHGxuPj5VBeGEmpX2_fl1I6N9KF03jWvZC-0X1GudOT8AvgZ8mFgp2vQBxzeyJhcGs7eZqZ?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/ML26kZTe89gsB1nai-t3p_oyQpHcGX03LBUi_kOW8JgW5mUOq-GSLE_A6lS-MQT0PBFUn5ERYNC2U1tgsaT6ej9ySY8eKMESQuFDeEC3mfnpBRhHIqgNOQrpxn2rPszQmAnCS-gqmtSI0hK2y1Bdd-b_-oxfFqwzvgMepU-CeNYSthe256O7ZkTeJsNtF6Eegdo3t07wvs9FrHSlt1wQb6CJHHrRiA0lth3qS7lnusppuIqWl0x7Rw5gJsABGCIcgvA7h1RHTLC_YLNpMO-Mf8xtrT0oDK6t_eIqqelqBXoyyAXI5p5gAluZ2dzNJPThADQvjufJtv70TXd9lCPg1jOln38I1WSG3VuIGHYoHoyUu7GEVMMD7hvdc9tAGqS_4NJXeQvld4EIcWg_u0iNnWU_oIBU7FJ9T1Ewdvy26pM6YIfjgZOhep-5R8fnrpXjccffZx-BWEZ_kxLtJPWfXtQPVxcLrRQdP10xlXSMJZKDhMizpwrbPWvOOnFebwVHe2z245LAhh6aKkIu98OI5yemtfl8XUxkaU1DJZPyPZL_0z0brj4xdlxGIkHGxuPj5VBeGEmpX2_fl1I6N9KF03jWvZC-0X1GudOT8AvgZ8mFgp2vQBxzeyJhcGs7eZqZ?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Cookie: OAID=c3b910da29ce46678da8d47a9e6e64c8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:03 GMT
content-type: image/gif
content-length: 43
x-trace-id: 75209d22399618391e1978acd2448ea8
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

niwooghu.com/500/5776801?excludes=17520735&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL OPTIONS HTTP/2
niwooghu.com/500/5776801?excludes=17520735&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/5776801?excludes=17520735&oaid=c3b910da29ce46678da8d47a9e6e64c8&var=zd_5833048&ymid=687071612299916065&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:03 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://rewardarium.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/61e3e972c08bdf71568f820339ae5633.jpg

104.22.32.172

200 OK

14 kB

URL GET HTTP/2
offerimage.com/www/images/61e3e972c08bdf71568f820339ae5633.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
14 kB (14137 bytes)
Hash
61e3e972c08bdf71568f820339ae5633
62c5aa78c334ea2de454f1062468d390ca910b2e
120363ce44c7034d0080dfe237c7ff77cd6a727d6f2451c54727a73c3425c2c2

HTTP Headers

GET /www/images/61e3e972c08bdf71568f820339ae5633.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:04 GMT
content-type: image/jpeg
content-length: 14137
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64663d6c-3739"
expires: Mon, 29 May 2023 16:23:15 GMT
last-modified: Thu, 18 May 2023 14:59:56 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 83269
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc83e0ccd2d7a-ARN
X-Firefox-Spdy: h2

offerimage.com/www/images/98ed61d31ada31b21d7863111789ac6a.jpg

104.22.32.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/98ed61d31ada31b21d7863111789ac6a.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13438 bytes)
Hash
98ed61d31ada31b21d7863111789ac6a
f0a75b3d6fad9b6922ffc89eb6c947a1de0b409e
1b4a058a3df7d319c4daaf544c6da4278eadb32919ced9b0fc610403ae0e3977

HTTP Headers

GET /www/images/98ed61d31ada31b21d7863111789ac6a.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:04 GMT
content-type: image/jpeg
content-length: 13438
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6426a55c-347e"
expires: Tue, 30 May 2023 12:13:05 GMT
last-modified: Fri, 31 Mar 2023 09:18:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 11879
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc83e6d3d2d7a-ARN
X-Firefox-Spdy: h2

niwooghu.com/impression/xVz9FIw7cgw36AywNaHYdfG9KGa-jstfOpl8k0PIb6krtaRoz9UGIRPoUPKprVUWgB_WRQJiP0fRE0Ap9w6u9CDRzkMMHw8b0Xa9zlz_k9VSaoJAILPNlZcgLzkL9xs0-UOF3VVw3KNAXaRg-FfGdrq2NJ3vKWklU5XmlTUtgZVO7fdoWwyto1feqnQinjFAdbLJtX9hcbJAvNPZyEVgOcSnRs7ks2WSdbTTsjsuIsdXrb-WzHelHyKLp1KNW78_5AJ5s5cVrocK9msxjamJ3PlDgZ3ft5fNWhv9G5vLTPutGJjOsfW26Xb6w8KbQNhvKO9fxGMSJPc4_GKgU3RyNU-5yR48-lk_CU1nGuNOvsyTmlz2okXta_IyozIRxTuox1t4NEgXWX1EDDZii0o_KTH3rEre96d77_f99PCjPImJYd0qipcnCEjDKLtWSmqHovr5ED-qvejIaEbAFOM73dfH7j2nz8W2MHOyhkWmKvct5eBs5n0dVs2c3-qMFVnq_4DiBXsKpkIGYHxjsobpklYDh2jm3SpwEfEk7VJ01DZ4UBh5Bq1MFRKsbBVhFmKJElsHg5eio-slII3zh7Evl7UCS5d1ZYInwaeJiNM34qspcnofbhkPqq7_hKFSX4Qd?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL GET HTTP/2
niwooghu.com/impression/xVz9FIw7cgw36AywNaHYdfG9KGa-jstfOpl8k0PIb6krtaRoz9UGIRPoUPKprVUWgB_WRQJiP0fRE0Ap9w6u9CDRzkMMHw8b0Xa9zlz_k9VSaoJAILPNlZcgLzkL9xs0-UOF3VVw3KNAXaRg-FfGdrq2NJ3vKWklU5XmlTUtgZVO7fdoWwyto1feqnQinjFAdbLJtX9hcbJAvNPZyEVgOcSnRs7ks2WSdbTTsjsuIsdXrb-WzHelHyKLp1KNW78_5AJ5s5cVrocK9msxjamJ3PlDgZ3ft5fNWhv9G5vLTPutGJjOsfW26Xb6w8KbQNhvKO9fxGMSJPc4_GKgU3RyNU-5yR48-lk_CU1nGuNOvsyTmlz2okXta_IyozIRxTuox1t4NEgXWX1EDDZii0o_KTH3rEre96d77_f99PCjPImJYd0qipcnCEjDKLtWSmqHovr5ED-qvejIaEbAFOM73dfH7j2nz8W2MHOyhkWmKvct5eBs5n0dVs2c3-qMFVnq_4DiBXsKpkIGYHxjsobpklYDh2jm3SpwEfEk7VJ01DZ4UBh5Bq1MFRKsbBVhFmKJElsHg5eio-slII3zh7Evl7UCS5d1ZYInwaeJiNM34qspcnofbhkPqq7_hKFSX4Qd?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectniwooghu.com
FingerprintD6:61:D9:C1:16:B4:4D:E5:88:E3:06:BA:A2:09:52:99:B6:CE:9B:CF
ValiditySat, 06 May 2023 05:15:47 GMT - Fri, 04 Aug 2023 05:15:46 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/xVz9FIw7cgw36AywNaHYdfG9KGa-jstfOpl8k0PIb6krtaRoz9UGIRPoUPKprVUWgB_WRQJiP0fRE0Ap9w6u9CDRzkMMHw8b0Xa9zlz_k9VSaoJAILPNlZcgLzkL9xs0-UOF3VVw3KNAXaRg-FfGdrq2NJ3vKWklU5XmlTUtgZVO7fdoWwyto1feqnQinjFAdbLJtX9hcbJAvNPZyEVgOcSnRs7ks2WSdbTTsjsuIsdXrb-WzHelHyKLp1KNW78_5AJ5s5cVrocK9msxjamJ3PlDgZ3ft5fNWhv9G5vLTPutGJjOsfW26Xb6w8KbQNhvKO9fxGMSJPc4_GKgU3RyNU-5yR48-lk_CU1nGuNOvsyTmlz2okXta_IyozIRxTuox1t4NEgXWX1EDDZii0o_KTH3rEre96d77_f99PCjPImJYd0qipcnCEjDKLtWSmqHovr5ED-qvejIaEbAFOM73dfH7j2nz8W2MHOyhkWmKvct5eBs5n0dVs2c3-qMFVnq_4DiBXsKpkIGYHxjsobpklYDh2jm3SpwEfEk7VJ01DZ4UBh5Bq1MFRKsbBVhFmKJElsHg5eio-slII3zh7Evl7UCS5d1ZYInwaeJiNM34qspcnofbhkPqq7_hKFSX4Qd?_z=5776801&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Frewardarium.com%2F%3Fvar%3Dzd_5833048%26ar%3D1%26pb%3D3%26ymid%3D687071612299916065%26source%3D726858ccd4%26ret%3Dnull%26acb%3Dproxy%26axcusid2%3DSweepstakes%26axadvid%3D3599371%26axcamid%3D9357&drf=https%3A%2F%2Fcdntechone.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: niwooghu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Cookie: OAID=c3b910da29ce46678da8d47a9e6e64c8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:06 GMT
content-type: image/gif
content-length: 43
x-trace-id: abf9545d6c777278a14f7c3fb6dda87d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/61e3e972c08bdf71568f820339ae5633.jpg

104.22.32.172

200 OK

14 kB

URL GET HTTP/2
offerimage.com/www/images/61e3e972c08bdf71568f820339ae5633.jpg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
14 kB (14137 bytes)
Hash
61e3e972c08bdf71568f820339ae5633
62c5aa78c334ea2de454f1062468d390ca910b2e
120363ce44c7034d0080dfe237c7ff77cd6a727d6f2451c54727a73c3425c2c2

HTTP Headers

GET /www/images/61e3e972c08bdf71568f820339ae5633.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:07 GMT
content-type: image/jpeg
content-length: 14137
cache-control: max-age=86400
cf-bgj: h2pri
etag: "64663d6c-3739"
expires: Mon, 29 May 2023 16:23:15 GMT
last-modified: Thu, 18 May 2023 14:59:56 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 83272
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc8511b842d7a-ARN
X-Firefox-Spdy: h2

www.mysexymatches.com/js/pushjs/1.0.0/utils.js

52.17.88.125

200 OK

7.1 kB

URL GET HTTP/2
www.mysexymatches.com/js/pushjs/1.0.0/utils.js
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
C source, ASCII text, with very long lines (7334), with no line terminators
Size
7.1 kB (7071 bytes)
Hash
7df62062a027cd25d5a179c520f38668
0ddaa8cd9090908d987e0299cef74fbf7f118738
cdf93aff990bae251f609ef00d7d2bdbb56a35f003c7184ba067b5948629faa3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Cookie: unique_id=6474c535000f4917; unique_id2=6474c535000f5110; 6474c535000f5110_sl=[277419]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-type: application/javascript
expires: Mon, 05 Jun 2023 15:31:02 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779

52.17.88.125

200 OK

4.4 kB

URL GET HTTP/2
www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4478), with no line terminators
Size
4.4 kB (4372 bytes)
Hash
0d94da902ba01cbb85a57497ce374e81
7ccc5e2b7c0fab258e3131e8d438e8a96c96bf73
4de3f83413e8a697056fb187d1a9616dc2e47c5149f8d0c5336362e3dafb627b

HTTP Headers

GET /c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779 HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=6474c535000f4917; Path=/; Expires=Fri, 28 Jul 2023 15:31:01 GMT; Secure; SameSite=None
unique_id2=6474c535000f5110; Path=/; Expires=Sun, 27 Aug 2023 15:31:01 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Mon, 29 May 2023 15:31:01 GMT; Secure; SameSite=None
6474c535000f5110_sl=[277419]; Path=/; Expires=Mon, 12 Jun 2023 15:31:01 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js

52.17.88.125

200 OK

9.4 kB

URL GET HTTP/2
www.mysexymatches.com/js/pushjs/1.0.0/subscriber.js
IP
52.17.88.125:443
ASN
#16509 AMAZON-02

Requested by
https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Certificate
IssuerLet's Encrypt
Subject*.mysexymatches.com
Fingerprint7D:35:18:C7:41:6B:DC:68:1E:F2:FB:E0:71:F3:96:D3:FE:1A:B7:7C
ValiditySat, 20 May 2023 00:31:45 GMT - Fri, 18 Aug 2023 00:31:44 GMT

File type
C source text\012- troff or preprocessor input, ASCII text, with very long lines (9653), with no line terminators
Size
9.4 kB (9389 bytes)
Hash
84b622eb79d84a20b4fb5d3e2e122e2a
73eb77325e2b070e36f393eb4db66fa5af549ac6
514e603036c84a1e1afbc3b0eb748362dbd294f6af16bf88637d7b27f7a224dc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: www.mysexymatches.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mysexymatches.com/c/9fa1e2ea536c4871?s1=181_6420036_cfa_web_NO_pop&s2=16086902&s3=5776779
Cookie: unique_id=6474c535000f4917; unique_id2=6474c535000f5110; 6474c535000f5110_sl=[277419]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:02 GMT
content-type: application/javascript
expires: Mon, 05 Jun 2023 15:31:02 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2

stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687071612299916065&var=zd_5833048&var3=726858ccd4

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
stootsou.net/pfe/current/tag.min.js?z=5776812&ymid=687071612299916065&var=zd_5833048&var3=726858ccd4
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
C source, ASCII text, with very long lines (14679), with no line terminators
Size
15 kB (14679 bytes)
Hash
83f6e56a3b901fac2707ecccf0965f09
995200921efdbeb113f3ef2673940ddb67ea1c43
cecd92849ee17cc9ac45fca3d6219454f117ad03bbc4c94d76297c482448c0f3

HTTP Headers

GET /pfe/current/tag.min.js?z=5776812&ymid=687071612299916065&var=zd_5833048&var3=726858ccd4 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 10:02:24 GMT
etag: W/"64747830-3957"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

rewardarium.com/lightning.svg

172.67.164.207

200 OK

558 B

URL GET HTTP/3
rewardarium.com/lightning.svg
IP
172.67.164.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (603), with no line terminators
Size
558 B (558 bytes)
Hash
9c0ef0f4019464092e924742904d75ea
33ed4dae960a9bfc33b63882d39e47ec431ec46d
2b810d0b2fb0339bca96276a4646b209804b992d8dbffb6e0d62651e48d97e83

HTTP Headers

GET /lightning.svg HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"9cbec3ef22e57179a0901d90b7b6e2fd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpQpBOFvDdK%2BoTU1VOGw4MJcVcW0ADzCZvxq6lrZXi3NbUQshNi8Ws0G2vDf%2BzSYkZtmHSOJbpZLXlM2I%2BE7FLYkXA9q6a%2FwLIaKpiW7R2fhsJ%2B25gwQKXTzbxRad997NKJGXrmiqMxerEFWjZg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5978
server: cloudflare
cf-ray: 7cefc82bdefd0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rewardarium.com/favicon.ico

172.67.164.207

200 OK

27 kB

URL GET HTTP/3
rewardarium.com/favicon.ico
IP
172.67.164.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type

Size
27 kB (27236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
DNT: 1
Connection: keep-alive
Cookie: _ga_F0JFDXF7TQ=GS1.1.1685374261.1.0.1685374261.0.0.0; _ga=GA1.1.1891579888.1685374261
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWjAmVeHwn4Czg3HCHqQHP8ngGMv8ZiC4prkF2gxFoxzjTaX0u0UxEL3sHersztr7FMzUnSuZkjjOKdOnK2WUhD0gm5IUL%2FHa4kJLHBeRmcER85dkKdJHtLbNWpurRFE%2FnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4478
server: cloudflare
cf-ray: 7cefc8302b820b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357

172.67.164.207

200 OK

27 kB

URL User Request GET HTTP/2
rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
IP
172.67.164.207:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectrewardarium.com
FingerprintE9:09:05:81:43:DE:42:13:8F:E6:CA:66:34:30:0C:F1:2C:8D:E1:7E
ValidityThu, 06 Apr 2023 14:36:16 GMT - Wed, 05 Jul 2023 14:36:15 GMT

File type

Size
27 kB (27236 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357 HTTP/1.1
Host: rewardarium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdntechone.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:00 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lm6%2BEQTtEJsV%2FdqRrWxBikNgSQngPiZmYGvP9tGWTjd55gUiKdRLKQvVZ803EaaBFEmBErhd2W1sd5qB38T%2BIopEZY29N0ms8itXDduYarIdr6TaEqeCojZ%2FncjLi%2BfKcY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cefc82afbe3fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stootsou.net/zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_5833048&ymid=687071612299916065&var_3=

139.45.197.250

200 OK

880 B

URL GET HTTP/2
stootsou.net/zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_5833048&ymid=687071612299916065&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
68a6d61d9ff42278711c88fd618e29d4
1f04e419443be2c8873674f409c2d4bea56f3b65
4c3d0bfc5902fe0f38cea1f82026458bad06ef57145999a5ddd6c0e23e33d5b9

HTTP Headers

GET /zone?pub=0&zone_id=5776812&is_mobile=false&domain=rewardarium.com&var=zd_5833048&ymid=687071612299916065&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: b1be20b99d8e33cd0b55ddb13c0a757e
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

cdntechone.com/stattag.js

172.67.149.153

200 OK

18 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
172.67.149.153:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
ValidityThu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17871)
Size
18 kB (18521 bytes)
Hash
0fdff67feab23cc69ecfb6800fc54cb7
eb84c650e6d27e290795207b1f37dd7b67f2aa06
456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:53 GMT
etag: W/"646736c9-4859"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5398
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F0nDVVL0q98TPfI%2BBHeWraF3EAgm48KJ%2BUZaxsOVRust%2Brrvga9FJIHIt3NAE0hBf%2FewBzCoVEYDf6ly0q8SbHdusOctvCzIoR8QIOzFXInW6P2wQOr7%2B6MMCT5d4OPmKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc82c4ec70b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

172.64.104.21

200 OK

18 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.64.104.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerGoogle Trust Services LLC
Subject*.tzegilo.com
FingerprintDF:12:8C:B5:F2:22:D6:BE:72:F3:C6:9A:FA:DD:9E:1F:4E:58:63:1E
ValidityTue, 11 Apr 2023 10:11:54 GMT - Mon, 10 Jul 2023 10:11:53 GMT

File type
ASCII text, with very long lines (17479), with no line terminators
Size
18 kB (17479 bytes)
Hash
dd2f9f2bb1e1c74b905556d0a7bc5545
0c831c8c56da8167b9e2dfd1d3eb3288348da85d
63f957dde1ae04a83eaff7e442e693725562c4aa1062bc072b7509640ec4f663

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:59 GMT
etag: W/"646736cf-4447"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BMvkrFJjDUQdUvefZN%2BP%2FIr%2Bfm9kX8374PE5006xm%2Bo8L%2BtcjMmPopN4%2BLFYchsU41EoitFGHpUw8saSALogeLUUntEzeKlQR9236SwdE9x50%2FluQ814rNRHv9Yrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cefc82fdb747320-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stootsou.net/pfe/current/universal.min.js?v=3.1.435

139.45.197.250

200 OK

103 kB

URL GET HTTP/2
stootsou.net/pfe/current/universal.min.js?v=3.1.435
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerLet's Encrypt
Subjectstootsou.net
Fingerprint8B:6D:C9:76:36:ED:10:46:55:21:54:23:8C:4E:AC:7D:02:17:DD:7C
ValiditySun, 26 Mar 2023 05:17:40 GMT - Sat, 24 Jun 2023 05:17:39 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (103271 bytes)
Hash
19678cef80198d8a463db9289f79aef1
45dc8eb1b189024ddb86e06f6bd06b198120e1e6
c979990265d661f6d46410445dba4fd7cb904440e60d67f9454ea6d6db417814

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.435 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 15:31:01 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 10:02:24 GMT
etag: W/"64747830-19367"
access-control-allow-origin: https://rewardarium.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

i.th61.com/watch?zone=5776779&var=zd_5833048&ymid=687071612299916065&s=3

172.67.146.173

200 OK

0 B

URL POST HTTP/2
i.th61.com/watch?zone=5776779&var=zd_5833048&ymid=687071612299916065&s=3
IP
172.67.146.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rewardarium.com/?var=zd_5833048&ar=1&pb=3&ymid=687071612299916065&source=726858ccd4&ret=null&acb=proxy&axcusid2=Sweepstakes&axadvid=3599371&axcamid=9357
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint80:B8:25:47:ED:82:D4:A7:46:25:E7:D0:EF:21:B6:EE:31:E1:D5:63
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /watch?zone=5776779&var=zd_5833048&ymid=687071612299916065&s=3 HTTP/1.1
Host: i.th61.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rewardarium.com/
Origin: https://rewardarium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
date: Mon, 29 May 2023 15:31:01 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfW7yObDxIm9N1AlcwPDOG1zNu8N%2B6Y0g42Ul94weta30YvdS7CFwNSiuGvdJR7pf%2By6kYcpSI5ypRLM6XusaIDoYbTCHC50Mw0t7pK18TdIrOCQDLTcXG6F8zeq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cefc82c2bf00b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL