Report - ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7

Report Overview

Submitted URL
ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
IP
172.67.219.147
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-02 14:08:56
Access
public
Website Title
(1) المكافأة متاحة!
Final URL
ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
backunder.com	unknown	2022-12-13	2022-12-14	2024-03-31	394 B	1.7 kB	172.67.169.6
ribhek.com	unknown	unknown	No data	No data	11 kB	440 kB	172.67.219.147
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-01	1.1 kB	1.9 kB	139.45.195.8
bujerdaz.com	unknown	2022-10-03	2022-10-03	2024-02-25	1.0 kB	16 kB	139.45.197.250
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-30	868 B	1.3 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-05-02	987 B	1.1 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	bujerdaz.com	Sinkholed
2024-05-02	medium	bujerdaz.com	Sinkholed
2024-05-02	medium	amunfezanttor.com	Sinkholed
2024-05-02	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	ribhek.com/ar/spinwhel-iq2/js/bioep.min.js	5.3 kB	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/js/bioep.min.js IP 172.67.219.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:55 Last Seen2024-05-11 20:22:10 Times Seen791 Hash b4be5a852fefdae43b355f2c154e3d65 d5a07889208ed421085aa023485bec0a133e10fc 325981e28cde77631c69c478b3c5e84e7284218b0659284217f80e9766381641 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	244 B	2024-01-26	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 18:05:40 Last Seen2024-05-11 20:22:10 Times Seen97 Hash 19596257c78a3231bd3b1453f93169c5 6c85d256c5bd39f1ec2577f6276ca1a2647daed9 214fe758d0d9ee5aafdbec9358d5ed21897ba3f3c1f850c92afad81936491207 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	47 B	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:51:24 Last Seen2024-05-11 20:22:10 Times Seen850 Hash d48b742a8126a08d750fa1b377ed188f 6300ca7e01b65a15584093e084602307cbc5b6d7 e6b723e6819663edf262d46ece768a8ecedb47e6f691ee4671e78e7d5713a7a0 Loading...

	ribhek.com/ar/spinwhel-iq2/js/jquery.min.js	87 kB	2023-03-07	2024-05-15
Pretty URL ribhek.com/ar/spinwhel-iq2/js/jquery.min.js IP 172.67.219.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-15 16:46:04 Times Seen2963 Hash 24f2e59beae1680f19632d9c1b89d730 b3a77b35c4809324ab79e64d40c4ee391234e008 39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	169 B	2024-01-26	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-26 18:05:41 Last Seen2024-05-11 20:22:10 Times Seen97 Hash d7f23ed64ef6ca9fe27cf6f7ba0a390c 19ae77a24c1440f33069a5c14853835d2729c7bf 03930a1833374d42df99faccb6dbb8267ea0ef515b824a25d293a738011c81c9 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	497 B	2024-04-18	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 10:03:00 Last Seen2024-05-11 20:22:10 Times Seen41 Hash d1da1025596639030bc7d4c1073315cf 38a98819149dbdacc76b8ca62fe32d1ec978a55b 310c0c808877dcada2822b04b51ec722a42adcfa7ed9c0ce3775f32a4738d130 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	424 B	2023-03-08	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 06:59:33 Last Seen2024-05-11 20:22:10 Times Seen759 Hash a102885e8b625d589175ec4ae066ca78 83d15b7f26bcb6cd8d9a333370714a07b6171e46 25eab42f224eac7a3dcde5347408bd37a2766651363c7ff923adde69a0fb58bc Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc	697 B	2023-09-16	2024-05-11
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 06:08:32 Last Seen2024-05-11 20:22:10 Times Seen675 Hash 9f449dd93aff5d19981521dc1718011e 704d0f2cef85ba5c7f36a9ba707b9116b88ff8f5 78a9e77051816292528bde89251006ecd6c3f563218f4d78217df175b2883029 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	272 B	2023-03-08	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 06:59:33 Last Seen2024-05-11 20:22:10 Times Seen768 Hash 0c2bbc796c2132a49e24010e984990a3 271e9238fdd0b165701351225b0420f2c67435f8 74f12c01536bababfdf62a4bca9b912bf952923dc0bbaf904c4efcdf19b91d3f Loading...

	unknown	30 B	2023-04-10	2024-05-11
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 16:01:16 Last Seen2024-05-11 20:22:10 Times Seen1254 Hash 06cebcd37b089928232e6b67fd61c4a6 3531ee80345a4ba30d2f7dfea5450fdebcebda48 4211f10262715fdc749cd6a7732702821f89922042dc3f9ccdd80a1dc2da6b4c Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	168 B	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-11 20:22:10 Times Seen1210 Hash 358a88f8d096f927e095e6182e6c875d c35c37cc80ba3929d8d4e045a2282c5f39ac6c00 9cae33187c5d941447410b80ff22429d03297dfc2bbc149546f70bc19724525a Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	168 B	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-11 20:22:10 Times Seen1209 Hash 25a637ab7e8911baf488da8be4e1b905 93e5992bc39ab55d39557de79cdf1c1d8cf8d7de 5916a6e296bd31a4066725850e0a361f132dcb26fa2f0a7397f6ccb38569e675 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	48 B	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-11 20:22:10 Times Seen1210 Hash e0e85b06d67335c7ee1446615958d231 b65b4fc00127903ae221747d09e12318a87deac3 1d619e571a4a453367553ee865cc84096a01dbc6f70216e929f5739d58230d3e Loading...

	backunder.com/script.js	911 B	2023-03-13	2024-05-17
Pretty URL backunder.com/script.js IP 172.67.169.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:39:15 Last Seen2024-05-17 12:48:19 Times Seen2415 Hash 87431f5c53069a8fd36f6efee29a514f 08296a974e36b3c9c9eb2a853658fbb8659c8836 e05b5f6d873b1857e696af8883191ef454f3919e62df36805ad502ba6a0dbfb7 Loading...

	ribhek.com/ar/spinwhel-iq2/js/en_date.js	6.7 kB	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/js/en_date.js IP 172.67.219.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-11 20:22:10 Times Seen1583 Hash 159cca5aaccda0ce719041c87f432522 51a7090ebc8d851aab5f87d8f19f392ed260d545 62769705ac94c6659cba7cc5ff84fca57e16dfe3222f613677c3c5da4c2728a5 Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	168 B	2023-03-07	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:27 Last Seen2024-05-11 20:22:10 Times Seen1189 Hash c43fa36762d3eb9b33523e0b75097bc9 ec3a635ea954277745c29cdc77a063ea9fcd0506 496b75e4b69eb322c2b46d488da6d8b33d17db6519e935a164b16b70d76eedd4 Loading...

	bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js	37 kB	2024-04-25	2024-05-15
Pretty URL bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 13:01:48 Last Seen2024-05-15 20:42:51 Times Seen2522 Hash 32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de Loading...

	ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7#	3.0 kB	2023-04-05	2024-05-11
Pretty URL ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 13:49:23 Last Seen2024-05-11 20:22:10 Times Seen145 Hash fc72e55f8a5f8ea5c4e44b1d4c6bec97 3f1fa0ec3b273ee2fe368515e4968681e54b2cb6 2d14ca7fce56636c0006424da099db253a7678dc8906aa9274ebabdff917c6a4 Loading...

		Size	First Seen	Last Seen
	#1 Write - 27f61caa3724efd9a5018c6049ff36a5	8 B	2023-04-30	2024-05-02
Pretty Observations First Seen2023-04-30 22:06:49 Last Seen2024-05-02 22:21:05 Times Seen22 Hash 27f61caa3724efd9a5018c6049ff36a5 b4235a782f215330cd1f55339da9e38c3cb12319 8341c42dd19527b4b0bfbeed0aa37970f50c27bb3e9bb98e8985ecd971cdaa36 Loading...

	#2 Write - 22201d22a64375b668c661167b958d38	8 B	2023-04-30	2024-05-05
Pretty Observations First Seen2023-04-30 22:06:49 Last Seen2024-05-05 01:47:16 Times Seen48 Hash 22201d22a64375b668c661167b958d38 9650b83b269b6385c0135d700545ee05a4ec1417 e9701364bd7a805b39ee8936d6428c8523dcf9b1fc720c564396792cc7ea0e91 Loading...

	#3 Write - 34c294d57269a605e468ded5df340b34	8 B	2023-05-01	2024-05-04
Pretty Observations First Seen2023-05-01 22:32:58 Last Seen2024-05-04 00:03:11 Times Seen34 Hash 34c294d57269a605e468ded5df340b34 00c3c8dfacdea2eb339ea71cc7654e2d8cb21ca9 84191733d722f80b6c678a57ccf6313b3b3c07f4a0d34491f55be1b11d94bfee Loading...

HTTP Transactions (30)

URL IP Response Size

ribhek.com/ar/spinwhel-iq2/img/1.jpg

172.67.219.147

200 OK

18 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/1.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling hispanic or middle eastern young man looking at the camera��], baseline, precision 8, 360x360, components 3
Size
18 kB (18232 bytes)
Hash
8d4757a7ca89741ae1ef279ac277739b
e3134530778bbf711de60829f9ee270ae3309d4b
e0b4b9068a7fe672f712bb1a39080e06604c506465394214cfde2382ba52f047

HTTP Headers

GET /ar/spinwhel-iq2/img/1.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 18232
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "0fdf1d98ca06e6a3b06349fd9985af77-ssl"
x-nf-request-id: 01HWT905A5SAHBH3CMBCZSCE18
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GIoXziAqveM%2FpdVkN3k%2B125leVOvzJWl33%2BI%2Feoo43YI7wjWNhjKIu1aG6LmZNgto2TUS1VMZ6IKcuHeO39e2V62EptpbwSkV%2Fl1eDSfvWub5VumbDpx9%2FgYNp%2Ba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f848b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/2.jpg

172.67.219.147

200 OK

8.1 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/2.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3
Size
8.1 kB (8149 bytes)
Hash
d3a748efcc12b64924280109f7b42c99
733dca7bef4f1f344b9bd0176ed9f8e6b38111e9
0f6c00936fa720c5c4b4bd5b410badd270114ba65d06ad148b550617a296ab17

HTTP Headers

GET /ar/spinwhel-iq2/img/2.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 8149
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "192591960bd52039aaec63c9d453a3a2-ssl"
x-nf-request-id: 01HWT905AZ5YQG3HKZ8SCW3MW2
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5l500uzzrE%2FTfTKkYsbdkPVWhMwnEqaIzHdBKClt%2BsV2pp%2BISjlgwYM1NDhRbITRQhySxjhQtO90FBurOR83OQ1%2FBUrz4FGtGBZn5yd%2BF2K8ZGVkGmlFHviEshOs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f84bb515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/spin_vi.png

172.67.219.147

200 OK

44 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/spin_vi.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 501 x 501, 8-bit colormap, non-interlaced
Size
44 kB (44532 bytes)
Hash
909b1e117787148d9077ee694ca5b038
d8d04588707e419f0a2bf04ec891183b3fe64d29
6dd60427599c797204b6698be7b48b5d091e935c72ba8084d3bd343c3b0f79bc

HTTP Headers

GET /ar/spinwhel-iq2/img/spin_vi.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 44532
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a555f273c16794b813250b146236f401-ssl"
x-nf-request-id: 01HWT905AYVRBT2NFP4YJEWH2N
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WMJMSJFoyCaNUpd2SXqZ7rKIAUuB4B98GxVgCFsbWOC8BOJvrNMEY3UED4LGzpn8%2B7EE7%2BWRs9AN5blj5XV7J6hni%2BpL8mwu3bbmUsXSuZRA%2F8NUNv5MrEXZR0Ga"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f83fb515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/cash.png

172.67.219.147

200 OK

64 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/cash.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 372 x 368, 8-bit colormap, non-interlaced
Size
64 kB (64073 bytes)
Hash
1139894d02e3017837dab31330877007
760500f5a5f8b5ead948094e13d7646079a56aea
4b085445a906c42d4fb009ff252f8f7e8040235b3a7848f0fc9af501316fad9e

HTTP Headers

GET /ar/spinwhel-iq2/img/cash.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 64073
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "b0f06bd9dc6e086e00185f96daa3c2a6-ssl"
x-nf-request-id: 01HWT905APHRH8RBY16WDQTSAP
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gszjsP53nMShfmeTN2Mpe%2BQ1MIN5RXv7ks%2FOX0cLWFfGpGRgC7lb4EoubKdUTZ0Ov%2FG6LKlgDKXWftaB9hIfEGzvKCYUOTpQ2ZtBAysj58N6BEKI5NHKDiG7PYUe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f842b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/8.jpg

172.67.219.147

200 OK

4.8 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/8.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 240x240, components 3
Size
4.8 kB (4831 bytes)
Hash
f1b90b01b26661e37ecdb01a4753a1bf
b6c3960258ba473581daf27df9db972540ec29ed
a8079bac57434af72b399fb198d79cbd9c46a5363096afa97398e4da4228218d

HTTP Headers

GET /ar/spinwhel-iq2/img/8.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 4831
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "b9ce8499900b91e7201edecbf1f2962e-ssl"
x-nf-request-id: 01HWT905AYRBQ2N9SC3CJHFQQJ
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXdm314Y%2BJb4bCaW8VDatMGaswyznPfPtaGF0q13Opao3%2F6mi%2F%2FEuj7kRbOZ4izCJ06wqvs1UA7xbqBa2wNgWEI84p9exIwPgeUk74HmNQYhQLRapCiG7KjwHZNi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f845b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/4.jpg

172.67.219.147

200 OK

21 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/4.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 400x400, components 3
Size
21 kB (21109 bytes)
Hash
5c6bd23de24730e4b4b37730dd74aef8
6ad9ac3a16e2cd8521eeb8d918f0ceb383fb1f90
2fa0af8cb1cffe84b9fadb389a4750f9fe8a5a1ff0a3bce12ec329d4c5e9bcd8

HTTP Headers

GET /ar/spinwhel-iq2/img/4.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 21109
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "143c69aaf1e8ba0aabf3dd9ec1d9e445-ssl"
x-nf-request-id: 01HWT905AVF9V204R1K04REV32
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hw3XUoCB7M9Jn8VLxqneX9%2B2Iyjb%2BlWc1BZ9Or46I1wqywT1kYp03JFDq%2BJBSXuEIT66jcRIZ%2F0uIhVG1drfCVPZaP5UbJy6%2FuIs92V772fi2AY4WxjyUfkPC%2Fa1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f84db515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/3.jpg

172.67.219.147

200 OK

15 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/3.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=Smiling young man looking at the camera with his arms crossed��], baseline, precision 8, 360x360, components 3
Size
15 kB (14686 bytes)
Hash
56612da382cd894c3d9a7066200c8987
b50307ef6d081ab84e04f3077551ef52bc677bf8
235ac72915d61b0433f01ae12e6a2a0dd5a676b0e85fdeeb67f6a5b2ea9bb63d

HTTP Headers

GET /ar/spinwhel-iq2/img/3.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 14686
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a84fd5388db24f436ebb6879d0e97503-ssl"
x-nf-request-id: 01HWT905B4HEAQNDF36B281BRV
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Fj6iwtjWyGwb4f8YFvPL0wjDvdM0XcswdsDwmU0O65%2FkJrPiryK4QW%2Bnck2J2LGPAbMMV8aUr3OAkvH6dUip%2Bl3WKm1HAZaFaTUiaY8Sv1vklKmra7Ypz49lfb4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f84fb515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/5.jpg

172.67.219.147

200 OK

48 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/5.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, copyright=Shannon Selim], baseline, precision 8, 640x640, components 3
Size
48 kB (48500 bytes)
Hash
6b4d6ee00c74e83d9951c81d58ce9295
9594243fe36fb66f7f0cf659cd279be1cf1cc864
49950c2963d8d425b48440d5663c436b5cd6a4ee550f57912120d530c96032d2

HTTP Headers

GET /ar/spinwhel-iq2/img/5.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 48500
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "b7af897904fb4d58f4a27936259bb793-ssl"
x-nf-request-id: 01HWT905AYGBDBT67EC1F88A33
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7r%2FZy%2B3JqmlY6MSJ5Dlmu%2BmB27i3poiLuk8O9XXJs7P2T7sONs5qyltV2EmgvY7Ej5%2FN9SuZmF3wwk9qmB1moyp1ELbLnMW8KB3yWMnRhrNf8rVS%2Fct097gLnIGu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f850b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/6.jpg

172.67.219.147

200 OK

21 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/6.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, description=happy refuuge at camp��], baseline, precision 8, 408x408, components 3
Size
21 kB (20826 bytes)
Hash
ccddf6a16d3fcc1c7ba4acef48fdef50
de01377d44746d8e92c46e1a64788b5df04340d4
a6fc77c7cb826f01f0aa8c3182b8b0006125f0d5fbec3ceff93b004d14e17d01

HTTP Headers

GET /ar/spinwhel-iq2/img/6.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 20826
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "d9f71630def6a1050f1f740068adb403-ssl"
x-nf-request-id: 01HWT905B51NZ7XBH542JX4QMV
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B6ybTWQrcHTThDDHFrPxCvv13zf4DJLjxmYcjT1flQaJWroxqEQ%2BK%2FPlMqyux1suNCREWG%2BSxqd0tzQ%2FgVds6XmbMbPToBghKs23VT2e2SrWSWtxfPp9x1JUM2V0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f856b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/smiley.png

172.67.219.147

200 OK

5.0 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/smiley.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
5.0 kB (4992 bytes)
Hash
6a1b1fb2c9a70e8bb232985a5e7c76f2
a371f8e561576cb893e897f1e156597d3abbd0be
68c86e51e47a972e3191621e48685c0d9d1e166235cd816dc74370bc439567fc

HTTP Headers

GET /ar/spinwhel-iq2/img/smiley.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 4992
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a770a97f2ef0e3b3edd238062c9e3313-ssl"
x-nf-request-id: 01HWT905B266V33F6BK7Q55KRY
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOTqAQd6G7jryjH8Z1acg3OfWAMF409jRRXSNhMpiRNu%2FJPQD6HoOGXs%2FdwEBaPm0EwNLBPdwh93pIgRsNJJwpgfsq0Nts%2FI5oRbVOUKaTfh0r5re6HheumtH3Hi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89573085cb515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/refresh.png

172.67.219.147

200 OK

1.8 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/refresh.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 70 x 70, 8-bit colormap, non-interlaced
Size
1.8 kB (1798 bytes)
Hash
2d0f4539e28850747bcdf03e8c9a9f10
c400935fad4c29d04714cf5b9e74fb4d4d8f1e1d
c04fa254d43e1b6db555962ac2dbc6cd67d47aff3c1d7895a229cdaca87a688e

HTTP Headers

GET /ar/spinwhel-iq2/img/refresh.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 1798
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "a8f2cf0e5f0e85d12faa27e61c1d49a3-ssl"
x-nf-request-id: 01HWT905B912GFXQPEX60NAR0G
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qOmMLPKEPic7RSKVdi51wzfNRKDSKtSX8y3w5ZQtjd2kp4wXOAsRYciMudhrZcSu1mA1zwCb1ZZjR5r8XvsgmiD%2FBGLUAKfM9aKSQ0npSRmdEW75P7nWp%2BSnc0yt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89573085fb515-OSL
alt-svc: h3=":443"; ma=86400

my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc

139.45.195.8

200 OK

697 B

URL GET HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JavaScript source, ASCII text
Size
697 B (697 bytes)
Hash
9f449dd93aff5d19981521dc1718011e
704d0f2cef85ba5c7f36a9ba707b9116b88ff8f5
78a9e77051816292528bde89251006ecd6c3f563218f4d78217df175b2883029

HTTP Headers

GET /p.js?f=sync&lr=1&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-iq2/img/spin.png

172.67.219.147

200 OK

2.4 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/spin.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 142 x 173, 8-bit colormap, non-interlaced
Size
2.4 kB (2444 bytes)
Hash
79051a4f9ac575664b4d932d577a65fc
ebae669a090fd6de43fb1854e5ba4868e8e8ffc0
0109faa660c321bbc20f82c8ba38eddd5490bc3b77d72c4b1de965a01a4f12b4

HTTP Headers

GET /ar/spinwhel-iq2/img/spin.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/css/style__base.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 2444
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "8cf94e3e08876699f7d4768c58d88a1c-ssl"
x-nf-request-id: 01HWT905J0QHKM6N2SQH60G007
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bD3su4ucX0fwK4jvv0sHvCoFyuHZVg5YZSq3qSXsdpjcQHNAEB2iRNazYVFyGc9UX6ZIhqFpejAfL%2BDjwQCWHTqal2hWUByO7XpOUVNKqcc4d33GeVEjyxlf2qX%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d8957449deb515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/img/logo.png

172.67.219.147

200 OK

2.9 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/logo.png
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Size
2.9 kB (2852 bytes)
Hash
05209921be4171eee0954c5ae54850f9
3c6e2db019b4483a6e9e4b77cc93734548f30087
2cde3636ca32586133a4a4967f43e3c0f0b64fb6d645d6c9482eff50124692d5

HTTP Headers

GET /ar/spinwhel-iq2/img/logo.png HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/png
content-length: 2852
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "9e05192c5a0bab692a490873ae8b7bd2-ssl"
x-nf-request-id: 01HWT905PX43J4AGH8BT527RJ4
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qC%2BPUJe93TbsQ2ecGQys3Bpnw%2BPZM0FRATP9SjD98qj1OdPo9yOKAGwCR4qrWteLSxAdN8NmK%2Fkg3hMQspLhRHBtIqJI%2FpeOiX8Ya7tvuz4NvYkLuFE7hUPdrrOm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d895757bb1b515-OSL
alt-svc: h3=":443"; ma=86400

bujerdaz.com/zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b0ec8eb2-d649-4983-b3f8-d1bd8e0bcf05&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
bujerdaz.com/zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b0ec8eb2-d649-4983-b3f8-d1bd8e0bcf05&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectbujerdaz.com
Fingerprint0C:8C:A0:AE:3A:F2:8E:BC:C9:F8:38:17:34:12:6E:06:46:3D:35:A3
ValidityMon, 15 Apr 2024 05:19:24 GMT - Sun, 14 Jul 2024 05:19:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7071124&is_mobile=false&domain=ribhek.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b0ec8eb2-d649-4983-b3f8-d1bd8e0bcf05&action=prerequest HTTP/1.1
Host: bujerdaz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-length: 0
x-trace-id: 60c34e429b3af8f11aa0c3cb7a25e814
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ribhek.com/sw-check-permissions-39799.js?zoneId=7071124

172.67.219.147

200 OK

775 B

URL GET HTTP/3
ribhek.com/sw-check-permissions-39799.js?zoneId=7071124
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
Java source, ASCII text
Size
775 B (775 bytes)
Hash
e0144a309aa6909ad0e562fd78b31b8c
271dc63301f2d88f5a87b8cdb320807a6d942e46
0bcf2a9473c63763a589cef771ca39e02fdf01bc4219f34bb0eeb8abce855d91

HTTP Headers

GET /sw-check-permissions-39799.js?zoneId=7071124 HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"b66b69ce955a5c83d67e661d27432485-ssl"
x-nf-request-id: 01HWQWWSHBDCFCVH3ANW4N6C7G
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPi0brlUQ7m6HJGnxaEpcy3FvpJk4%2FeAm51wQySK6eECE2Atb1Lp2L%2Br2JeaBbSNKwwlHW4AiiF5fYF0khYxkOStOAK1lJTWpukk0QcCELW0GihQrEZlWKX1me27"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d895768d4db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
bujerdaz.com/pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectbujerdaz.com
Fingerprint0C:8C:A0:AE:3A:F2:8E:BC:C9:F8:38:17:34:12:6E:06:46:3D:35:A3
ValidityMon, 15 Apr 2024 05:19:24 GMT - Sun, 14 Jul 2024 05:19:23 GMT

File type
gzip compressed data, max speed, from Unix
Size
15 kB (14718 bytes)
Hash
79ab4f5f20178d8996c060bb397118cb
1c4b2573fec4c28a0fabe5f38102b69cac5b9e97
05c6f230d524bab329e3cd7e74295e02df901851cc6350c1759b308d2ee09038

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7071124&sw=/sw-check-permissions-39799.js HTTP/1.1
Host: bujerdaz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 328
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 346348cdd71669319e3b5dbaa6144b25
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 329
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4c7f5bc75b8e124fa14b967e56bd2e7a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://ribhek.com/
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
92e5b51b58b80653b89206a6a4b66e9d
6e4a0359357af6e6f21cc0025c00d5f3a1263c5c
e558087bebdd3e48424141745da3ea9b2808cd94e032d75d86a490568219e23f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ribhek.com/
Content-Type: application/json
Content-Length: 954
Origin: https://ribhek.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ribhek.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-iq2%2F%3Fuclick%3Dj2u3a0fy%26uclickhash%3Dj2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7%23

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-iq2%2F%3Fuclick%3Dj2u3a0fy%26uclickhash%3Dj2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7%23
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=78c5ba6da14c996481201ddfa240d8b93591e970395d5413e95a0a3ef4b61fbc&ttl=&rurl=https%3A%2F%2Fribhek.com%2Far%2Fspinwhel-iq2%2F%3Fuclick%3Dj2u3a0fy%26uclickhash%3Dj2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 02 May 2024 14:08:32 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=08805093362346b2f514a082c2edfb53; expires=Fri, 02 May 2025 14:08:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-iq2/js/en_date.js

172.67.219.147

200 OK

6.7 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/js/en_date.js
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text, with very long lines (7106), with no line terminators
Size
6.7 kB (6660 bytes)
Hash
ea133004ba2ee7bebc25767e49cb99ff
50c4bbb8423fe9d364798f28c8260cf66916b677
cda4a08060ba5f9871213274ab4f043f97f74311196eb4916fef50700178cff8

HTTP Headers

GET /ar/spinwhel-iq2/js/en_date.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"3ffc4d8daf8a0279c657879a371a6eff-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWT905ARVPSAQ2GG3WY0D7JB
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=muRNfrdrIcYPxI5J09X0May%2FDFC7TKVtatkAT6yMiXmhAslPcPYDlY5BWYGrrxpKHXAalkO%2F170Cae2N8oxbJg88y85aRlWKBjrNPQa0UWsOVuyZgiwcu28KTEK9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d89572e81bb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/js/bioep.min.js

172.67.219.147

200 OK

5.3 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/js/bioep.min.js
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JavaScript source, ASCII text, with very long lines (5456), with no line terminators
Size
5.3 kB (5292 bytes)
Hash
fe234c9b352a64fd48af6671a6460c25
4ab82b1093465cbeba45d0dfd67ed3d8cd30deb2
97043aee10fc7179a85aea1e1e96bbd6a4564d733589548209ccc1358252eb9f

HTTP Headers

GET /ar/spinwhel-iq2/js/bioep.min.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"16322b53a3ea039d744dc303d398d1dd-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWT905AX94CAGB98BFV3JCR0
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1x1mC%2BmN0QMBjct4IkBxGvMc9JeXfcYhwoAP8XBn%2FromEE4eAdUx4I1IPNvg%2B6EYKnyK%2B3s7bK0GQVy%2FT1fwvs0ftMApmYaupRISWseU6CoeY5j26NzdCbQFy0Qn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d89572f831b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/css/style_a.css

172.67.219.147

200 OK

6.5 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/css/style_a.css
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text, with very long lines (6989), with no line terminators
Size
6.5 kB (6528 bytes)
Hash
a53a207a73db213f78c49078dbdde32a
4a5813b3d9a5237141104cd9ab2ef54c8151e168
b37503aacfbae5e87ea942f2a7b5291f4a271af060f01caf7dc1a02160633f8f

HTTP Headers

GET /ar/spinwhel-iq2/css/style_a.css HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"1473adf58d9bbec22e785727559b8c51-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWT905AW1SRB94SVCR5NP1M1
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cgCHXYj2oJyEbTdYpkuemaeIitc9y7E7HXa6tZZJuOSt7A7IjkrWAalF7mJtHiPGIYq9ef2LD8V9hDOydFgXtudBk1XjkDB5qQBfZjtYDiYTNHzgl09trcKIeWd2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d89572e82bb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/js/jquery.min.js

172.67.219.147

200 OK

87 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/js/jquery.min.js
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86658 bytes)
Hash
24f2e59beae1680f19632d9c1b89d730
b3a77b35c4809324ab79e64d40c4ee391234e008
39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f

HTTP Headers

GET /ar/spinwhel-iq2/js/jquery.min.js HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"ddbc6702bc953f6dedfe3543150cf865-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWT905B328KDTHYS96QQZC21
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHppkEDRZLmjKf8OJtb8epViTsu9LRDzVrqc6vE5dtRkGYV0tf8XfAZmRdr8lYA9GeRGB13AYKVHOKcMjCjBsEXr3JZ2tOV4F9XHBqvm%2FNOIo7Bh9WyIo5%2BEdwa5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d895730861b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7

172.67.219.147

200 OK

16 kB

URL User Request GET HTTP/2
ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type

Size
16 kB (15831 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7 HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 14:08:30 GMT
content-type: text/html; charset=UTF-8
age: 7414
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
vary: Accept-Encoding
x-nf-request-id: 01HWWT58KKY0JXDZZWBY4XJZQQ
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DudcgYpQhOBx1yEXB92Z%2BNY0HS%2FK06DuKAlNZgAEg1hNDruxTXXFCB1l1fPE1vQenY030%2BKlCPNQdTbcypNYCHdUBtbpbdo1KCFJK%2FgZlXJzmaOn7YVHHdkYwa9j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d89570796656a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ribhek.com/ar/spinwhel-iq2/img/7.jpg

172.67.219.147

200 OK

26 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/img/7.jpg
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 480x400, components 3
Size
26 kB (26430 bytes)
Hash
22cb80edd617362c5465bc2e8f8871d0
aa39c3c8c4dfb74089b63abef0e33e74e8fe5210
eaa4bd9a29ee64b0d8e79df7304706004eb6be85fc417f7ffaa0cc7eb6541635

HTTP Headers

GET /ar/spinwhel-iq2/img/7.jpg HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: image/jpeg
content-length: 26430
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: "5f713f6c2173d1bb8ea9cf3786e18e19-ssl"
x-nf-request-id: 01HWT905B6DVABHK1CQ0N1EW74
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQ%2BouVRJLe435jA5dBboNu9NDGaG8aPsjVWvcYrVv8oAre0SNwSvKf84v83jBmrdKNYiV7FJZvDCEZiX1HYrdPLG8TbOJln071%2FjKafcF%2B9%2Fw%2F22GXB7%2BxBPD5ZN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d89572f858b515-OSL
alt-svc: h3=":443"; ma=86400

ribhek.com/ar/spinwhel-iq2/css/style__base.css

172.67.219.147

200 OK

19 kB

URL GET HTTP/3
ribhek.com/ar/spinwhel-iq2/css/style__base.css
IP
172.67.219.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectribhek.com
FingerprintFB:64:06:A8:A2:A9:45:39:1D:4E:95:94:5D:B6:C9:DE:A1:4F:AD:8E
ValidityFri, 26 Apr 2024 15:18:05 GMT - Thu, 25 Jul 2024 15:18:04 GMT

File type
ASCII text
Size
19 kB (18747 bytes)
Hash
5af9199e58d12f7d074412e74d9a3d3d
74c11cb489a368220c3144e4570ad5b34afa75c2
708ad2fb793e0817fdf6bd7b0401e172f9566033232f148439e6f42b2f3b0999

HTTP Headers

GET /ar/spinwhel-iq2/css/style__base.css HTTP/1.1
Host: ribhek.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400, must-revalidate
cache-status: "Netlify Edge"; hit
etag: W/"48cda9d2e1e4882f881c36734d6c0dbf-ssl-df"
vary: Accept-Encoding
x-nf-request-id: 01HWT905ARPM6BX17MHTFQHRDW
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mS8ep6wXW85sZE5fJ58xoP4GxPltTE1Knk8SHkUXJkhGW5PFMdTsvWciCze0Xe%2FZynkNQkDgGIHKX7ocsmcN7Uaujx%2FshhUKVWg4YHG%2BxdTlIkgJ9AGK3rFFSJ%2FN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d89572e822b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

backunder.com/script.js

172.67.169.6

200 OK

911 B

URL GET HTTP/2
backunder.com/script.js
IP
172.67.169.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ribhek.com/ar/spinwhel-iq2/?uclick=j2u3a0fy&uclickhash=j2u3a0fy-j2u3a0fy-17he-0-17yd-4kxi-irnt-991ce7
Certificate
IssuerGoogle Trust Services LLC
Subjectbackunder.com
FingerprintF0:95:C2:A7:B0:15:EB:8D:1E:CE:36:6A:FC:03:95:FA:C0:07:37:96
ValiditySat, 30 Mar 2024 17:02:34 GMT - Fri, 28 Jun 2024 17:02:33 GMT

File type
JavaScript source, ASCII text, with very long lines (920), with no line terminators
Size
911 B (911 bytes)
Hash
f60d3d95ba5d3857d3acb6730f06767d
454bf6bf84fc040a03287bf1096d2669804627c8
5c501b55106f7ffe03902742af81cad54e109fec08e9dd005b13ecaa6cbb748e

HTTP Headers

GET /script.js HTTP/1.1
Host: backunder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ribhek.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 14:08:31 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1228
etag: W/"4cc-5f2f3364b2fe4-gzip"
last-modified: Mon, 23 Jan 2023 19:14:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6580
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lqg19h8yXh%2FT4JCbQY0sEDdYrngT8990gnACIptmrQwqH1zfebFX9OjrzKZ32Kd7M%2BPOyMpl1AllSkbv0ar1S8XC6EoryrKRTQUMH6e4OPb%2BOPTELfwcoCEC5jXHzM%2BN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d895730ef3b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML