| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds | 54.230.111.17 | 301 Moved Permanently | 167 B |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds (HTTP/1.1)
IP: 54.230.111.17:0
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): f5d40b7259645010f9a248858ad14178 b3051d17a6ec8c9e166bf09a62b48261ab86957b 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 21 Jan 2023 22:22:46 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
X-Cache: Redirect from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VrCQzl0O_7qXToQ0QYs5cg9tl3nwi9BFopVegjaFxBsWqIanaAOfRg==
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 (ASN 20940, Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 8a5e416451617846248067d72b675125 995b0346adefaf5f2e167d1b81e60cc9afc4f19e c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8479
Expires: Sun, 22 Jan 2023 00:44:05 GMT
Date: Sat, 21 Jan 2023 22:22:46 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 (ASN 20940, Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 8997fa58a7262e8fd559d64b40511a1b 0aa1c4365c28f45e4d7a8a234fbcf51cd009e083 1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7561
Expires: Sun, 22 Jan 2023 00:28:47 GMT
Date: Sat, 21 Jan 2023 22:22:46 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 (ASN 20940, Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 38c102db4bcfb9c4fb19174986950fd3 51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3 dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17944
Expires: Sun, 22 Jan 2023 03:21:51 GMT
Date: Sat, 21 Jan 2023 22:22:47 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL: firefox.settings.services.mozilla.com/v1/ (HTTP/2)
IP: 35.241.9.150:0
File type: JSON data, ASCII text, with very long lines (939), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 21:49:40 GMT
content-type: application/json
age: 1987
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain (HTTP/2)
IP: 34.160.144.191:0
File type: PEM certificate, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DowCndvsOiCMixtyy9qFawthfqtDWmdnzhZXCvBN8hUeW783Cm/KD4uZ0y2DcFzhw8+cqSxIrY0=
x-amz-request-id: BNDD5GDPCPQCHB0R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 22:18:10 GMT
age: 277
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.88 | 200 OK | 471 B |
URL: ocsp.sca1b.amazontrust.com/ (HTTP/1.1)
IP: 143.204.42.88:0
Hash (MD5 / SHA-1 / SHA-256): 8797e49b03db234f83237a7a65998151 dd44e8852dc42ba70616d7679db9d214c8f392b3 95b87100d767403200a4a8356382010948d74e6dacd637146ccff8d5f37bdac3
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 21 Jan 2023 22:22:47 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DwZB5eOHENYevAELzYrFtCrnw_JMpEutyjuEQAE0x53HUpYM1c5VGQ==
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: contile.services.mozilla.com/v1/tiles (HTTP/2)
IP: 34.117.237.239:0
File type: JSON data, ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/Hellspin.png | 54.230.111.17 | 200 OK | 6.7 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/Hellspin.png (HTTP/2)
IP: 54.230.111.17:0
File type: PNG image data, 216 x 83, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 6e7d3b7f8eaf02613a497208cb29c22d 8936689dab7c2ee3e31f4bc400c8b6ceee686bcd 4ba35003b2f16fffb35bc8139c053fb8914aae988745646166d668647bbafa68
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/Hellspin.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 6735
last-modified: Fri, 09 Sep 2022 12:42:48 GMT
server: AmazonS3
date: Sat, 21 Jan 2023 22:22:32 GMT
etag: "6e7d3b7f8eaf02613a497208cb29c22d"
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RGEAcnFDfsJO2qarnOnf5KX65Gg5Fl-j4tX7m6TXA70kO4Wxa3Rchw==
age: 1436
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/562b1a8e5aab3041b04ffe62c956ca5f.static.png | 54.230.111.17 | 200 OK | 116 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/562b1a8e5aab3041b04ffe62c956ca5f.static.png (HTTP/2)
IP: 54.230.111.17:0
File type: PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size: 116 kB (116407 bytes)
Hash (MD5 / SHA-1 / SHA-256): 9a7b5e80e04aaf544bc7c3144b4bcb52 7a21c2fb8a22796ed73d7467d718a4732de7a487 d62769b899b12f7acd485ad0df29015c24b38c33953c9fcabe417faf77ab796f
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/562b1a8e5aab3041b04ffe62c956ca5f.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 116407
date: Sat, 21 Jan 2023 21:58:52 GMT
last-modified: Fri, 09 Sep 2022 12:42:44 GMT
etag: "9a7b5e80e04aaf544bc7c3144b4bcb52"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4LC42aae0xtJcEnmfImxYnvCQzYyOoHRGf07v06y5sfESc4HgDb0DQ==
age: 1436
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/d846b391ab89ca16fda20d187927d0a0.static.png | 54.230.111.17 | 200 OK | 2.2 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/d846b391ab89ca16fda20d187927d0a0.static.png (HTTP/2)
IP: 54.230.111.17:0
File type: PNG image data, 265 x 133, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 46d3b5e50a1c32641e6a1d75edb1a0ee 7241d2bd02093af81f2bc5e47c3980d7530ebe6f 8ce56b652e2fbac94f83d2b6df6ee621e9c4f298eefe4a92c53dda2dbfe744d4
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/d846b391ab89ca16fda20d187927d0a0.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 2249
last-modified: Fri, 09 Sep 2022 12:42:26 GMT
server: AmazonS3
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: "46d3b5e50a1c32641e6a1d75edb1a0ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PyviZjO8uDcJtefP16DWeo-z5nxS-7GWKXhzYSdxnvJZux_mA6Oq0Q==
age: 9702
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/4c0948bf4f4c9251986ffd7516631834.static.js | 54.230.111.17 | 200 OK | 645 B |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/4c0948bf4f4c9251986ffd7516631834.static.js (HTTP/2)
IP: 54.230.111.17:0
Hash (MD5 / SHA-1 / SHA-256): b69c81f466315efd07310c9111904a50 b9491fb91c122d1789aff2e2ec49a2dad6c8b484 8d5d90a832de7a84e10c676b8b6147de0c8f731daed04a4074d8316f0d9a4ed4
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/4c0948bf4f4c9251986ffd7516631834.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 645
last-modified: Fri, 09 Sep 2022 12:42:29 GMT
server: AmazonS3
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: "b69c81f466315efd07310c9111904a50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eYWLzvzuaRvu6iluWPFMgCIQm6wNzmfrU1Jk4LlGp9AzPVMu31yHBw==
age: 9702
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css | 104.17.24.14 | 200 OK | 1.4 kB |
URL: cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css (HTTP/2)
IP: 104.17.24.14:0
File type: ASCII text, with very long lines (7048)
Hash (MD5 / SHA-1 / SHA-256): aa3b4ed7478b3a40f2409188a0c9fdab 1b4efc2536689dde7205f6eb81766b6ad54ada8f 80db261e2480e9541813923e022ea7d0dceece776b3aa606216545a1ba272d26
GET /ajax/libs/froala-editor/2.8.5/css/froala_style.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: text/css; charset=utf-8
content-length: 1380
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6a-1c28"
last-modified: Mon, 04 May 2020 16:10:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 19626631
expires: Thu, 11 Jan 2024 22:22:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFjmh45%2BiivML2hot4ys2ij3OFM4U7piUgZJs6IiBJX5A6i5xeahCWHAv5oZE9BC75TJk%2FwT%2BiHUB7i1TL6M0%2BSgK4hnEvb4eD9NgR7qNRqKXhKcMxH%2FUW%2FG5vZpBfH3Bmv4dhdK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78d373599a7db51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 032ea16a79a95a9f16a60674c5f3ad5c daea213df10fabce0cd857bcd4f3e64dd1293fad 4637cdfefc8df89f6f6cc042daa30247921cbd001bd16484b18c384f1e7b9781
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 22:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 (ASN 20940, Akamai International B.V.)
Hash (MD5 / SHA-1 / SHA-256): 48e257c8f2392f159921a40b7d3ffe56 f89f2ea262bd86780848257fb73bcb45019d2dbf 939e3a190c0d0cdc796a73a852b368415660f6bb8f00653af4f8c960ed797fba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "939E3A190C0D0CDC796A73A852B368415660F6BB8F00653AF4F8C960ED797FBA"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7912
Expires: Sun, 22 Jan 2023 00:34:39 GMT
Date: Sat, 21 Jan 2023 22:22:47 GMT
Connection: keep-alive
|
|
| thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest | 54.230.111.17 | 403 Forbidden | 1.1 kB |
URL: thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest (HTTP/2)
IP: 54.230.111.17:0
File type: HTML document text; exported SGML document, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 294aa5e9b8aa786805403f95b9fab4da f70bea46210a57da9759c7cd047f97cb46a975ce 786feb8d39f01261ab824f270f4a8a1103a3da965612750024b49ff9ba8f8d66
POST /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 403 Forbidden
server: CloudFront
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: text/html
content-length: 1053
x-cache: Error from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TrwvL5ERrpoRTdtGIRYo6pPeozVau-NW6rdfJR-4p8odhbvpUn59cQ==
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js | 142.250.74.10 | 200 OK | 31 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js (HTTP/2)
IP: 142.250.74.10:0
File type: ASCII text, with very long lines (65447)
Hash (MD5 / SHA-1 / SHA-256): 7808e0e4b7a714230373852158500533 4a79d18722a68a2f38d52e2d3a11b550bdd30b3c 8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Jan 2023 11:24:15 GMT
expires: Tue, 16 Jan 2024 11:24:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 471512
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 | 139.45.195.8 | 200 OK | 697 B |
URL: my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 (HTTP/2)
IP: 139.45.195.8:0
Hash (MD5 / SHA-1 / SHA-256): c9403da8f2e07b42a7abb2ca02510847 54707a8174b1e2539eb1170b78c548a832ea2867 8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47
GET /p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/in_css_34d506b688dd263f9470dc2315529716.static.jpg | 54.230.111.17 | 200 OK | 56 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/in_css_34d506b688dd263f9470dc2315529716.static.jpg (HTTP/2)
IP: 54.230.111.17:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3
Hash (MD5 / SHA-1 / SHA-256): daed3767de815d8c15505c86b978dfbf 2e238bd17a590a987f15c6762185b7e3e58e048e 2596ca41818504ef1d96465d290b129676e812d8b3b09e1b731a690d8d35af50
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/in_css_34d506b688dd263f9470dc2315529716.static.jpg HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/03a2f250c19db9fd62bacac660640af3.static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 56400
last-modified: Fri, 09 Sep 2022 12:41:50 GMT
server: AmazonS3
date: Sat, 21 Jan 2023 19:41:07 GMT
etag: "daed3767de815d8c15505c86b978dfbf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IWoin0UqFoPn7Dfb1VJlzhpfBHN7W86VQIspCsUeWZ4cr5HwOgL2bg==
age: 9701
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): c0f67edfa92ff11474d17ad3160ed43e a43cc627d3c9258bdbe14ff3ceeed1c98496ff50 309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 22:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 032ea16a79a95a9f16a60674c5f3ad5c daea213df10fabce0cd857bcd4f3e64dd1293fad 4637cdfefc8df89f6f6cc042daa30247921cbd001bd16484b18c384f1e7b9781
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 22:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC | 142.250.74.168 | 200 OK | 39 kB |
URL: www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC (HTTP/2)
IP: 142.250.74.168:0
File type: ASCII text, with very long lines (1921)
Hash (MD5 / SHA-1 / SHA-256): e3285b518ba02c21e7e448d8e9101751 4a70eb1d4e4a69c723d576a1a2d5324b2a4a8722 f80b7e1d412a2506988b3a0d8dfa1ff9a5b7d175c837e015bd9136ba1c5540de
GET /gtm.js?id=GTM-M7SJHXC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 21 Jan 2023 22:22:47 GMT
expires: Sat, 21 Jan 2023 22:22:47 GMT
cache-control: private, max-age=900
last-modified: Sat, 21 Jan 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 39009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= | 139.45.195.8 | 200 OK | 65 B |
URL: my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= (HTTP/2)
IP: 139.45.195.8:0
File type: JSON data, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7f0398c79a02dd89b02aa3daef32df2c 46cdb072586c31ba41c94e4259350009d41579fd 07b3ab6b46184d1670b43566ba16b30e84c6c364287267d203fd31518556961f
GET /gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/
Origin: https://thebetterdealss.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c713418fc8374443a1b73d3737cc93c4; expires=Sun, 21 Jan 2024 22:22:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
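The transcript above is a raw urlscan-style dump of one page load: the landing page served through CloudFront (first fetched in cleartext and bounced to HTTPS), the OCSP checks the browser made for each certificate chain, Firefox's own service traffic, and the ad-tech calls to my.rtmark.net, the last of which sets a cross-site cookie and answers CORS with credentials. As an added example that is not part of the capture or of any tool behind it, the following Python parses that layout into transactions and runs the checks an analyst would make on it: a same-URL redirect to HTTPS (so the first request left in cleartext), Access-Control-Allow-Credentials paired with a wildcard or Origin-matching ACAO, Set-Cookie on a cross-site fetch, Expires versus Date plus max-age on the OCSP responses, and the third-party hosts contacted. The header-row regex, the wording of the findings and the trimmed sample (four of the entries above, reduced to the headers the checks read) are this example's own.

```python
"""Parse a urlscan-style HTTP transaction transcript and flag indicators.
Added example, not code from the capture or any tool behind it. Assumed layout is
the one above: '| url | ip | status | size |' row, metadata, request, response."""
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample: four entries from the transcript above, trimmed to the headers used.
SAMPLE = """\
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html | 54.230.111.17 | 301 Moved Permanently | 167 B |
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html HTTP/1.1
Host: thebetterdealss.com
HTTP/1.1 301 Moved Permanently
Location: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
POST / HTTP/1.1
Host: r3.o.lencr.org
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: public, no-transform, must-revalidate, max-age=8479
Expires: Sun, 22 Jan 2023 00:44:05 GMT
Date: Sat, 21 Jan 2023 22:22:46 GMT
| my.rtmark.net/p.js?f=sync | 139.45.195.8 | 200 OK | 697 B |
GET /p.js?f=sync HTTP/1.1
Host: my.rtmark.net
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-credentials: true
| my.rtmark.net/gid.js?pub=0 | 139.45.195.8 | 200 OK | 65 B |
GET /gid.js?pub=0 HTTP/1.1
Host: my.rtmark.net
Origin: https://thebetterdealss.com
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-credentials: true
set-cookie: ID=c713418fc8374443a1b73d3737cc93c4; expires=Sun, 21 Jan 2024 22:22:47 GMT; secure; SameSite=None
"""

HEADER_ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+)\s*\|\s*(\d{3})[^|]*\|[^|]*\|\s*$")
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|OPTIONS) (\S+) HTTP/[\d.]+$")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ \d{3}")
HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def parse_transcript(text):
    """Split into transactions; header names lower-cased, repeated headers joined with ', '."""
    txns, cur, side = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER_ROW.match(line):
            cur = {"url": m[1], "ip": m[2], "status": int(m[3]), "path": "", "req": {}, "resp": {}}
            txns.append(cur)
            side = None                      # metadata lines follow until the request line
        elif cur is None or line in ("", "|"):
            continue                         # separator rows and anything before the first entry
        elif m := REQUEST_LINE.match(line):
            cur["method"], cur["path"], side = m[1], m[2], "req"
        elif STATUS_LINE.match(line):
            side = "resp"
        elif side and (m := HEADER.match(line)):
            name, value = m[1].lower(), m[2]
            cur[side][name] = f"{cur[side][name]}, {value}" if name in cur[side] else value
    return txns

def check_cache_math(t, tolerance=timedelta(seconds=1)):
    """True if Expires == Date + max-age (within tolerance), None if a header is missing.
    On an OCSP response a mismatch is a revocation-freshness problem, not a caching one."""
    r = t["resp"]
    m = re.search(r"max-age=(\d+)", r.get("cache-control", ""))
    if not (m and "date" in r and "expires" in r):
        return None
    expected = parsedate_to_datetime(r["date"]) + timedelta(seconds=int(m[1]))
    return abs(parsedate_to_datetime(r["expires"]) - expected) <= tolerance

def indicators(txns):
    """(url, message) findings an analyst would triage first."""
    fp, out = urlsplit("//" + txns[0]["url"]).hostname, []   # landing-page host = first party
    for t in txns:
        req, resp, url = t["req"], t["resp"], t["url"]
        loc = urlsplit(resp.get("location", ""))
        if loc.scheme == "https" and loc.hostname == req.get("host") \
                and loc.path + ("?" + loc.query if loc.query else "") == t["path"]:
            out.append((url, "same-URL redirect to HTTPS: the first request went out in cleartext"))
        if resp.get("access-control-allow-credentials", "").lower() == "true":
            acao = resp.get("access-control-allow-origin", "")
            if acao == "*":
                out.append((url, "ACAO '*' with allow-credentials: true"))
            elif acao and acao == req.get("origin"):
                out.append((url, "ACAO equals request Origin with credentials (allow-list or reflection?)"))
        if "set-cookie" in resp and req.get("sec-fetch-site") == "cross-site":
            attrs = {a.strip().lower() for a in resp["set-cookie"].split(";")[1:]}
            out.append((url, "cross-site Set-Cookie" + (" SameSite=None" if "samesite=none" in attrs else "")
                        + ("" if "secure" in attrs else " without Secure")))
        if check_cache_math(t) is False:
            out.append((url, "Expires disagrees with Date + max-age"))
        if req.get("host", fp) != fp:
            out.append((url, f"third-party host {req['host']}"))
    return out
```

Run over the full page text rather than the sample to get the whole picture. On the capture above the OCSP freshness arithmetic is consistent for every r3.o.lencr.org response (for example max-age=8479 added to the Date of 22:22:46 gives the stated Expires of 00:44:05), and the two my.rtmark.net responses produce the credentialed-CORS and cross-site-cookie findings. Two caveats: browsers refuse to expose a credentialed response whose ACAO is `*`, and p.js was loaded as a plain script rather than via CORS, so that finding is a configuration smell rather than a hole; and an ACAO that matches the request Origin is either a proper allow-list or blind reflection, which a single capture cannot distinguish, so the message says so.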
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): c0f67edfa92ff11474d17ad3160ed43e a43cc627d3c9258bdbe14ff3ceeed1c98496ff50 309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 22:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 210ae2e7a3d0f650896f49d283764848 9ed940c45a48683eea6a57cfe14f53cb1dab13a5 ae60e54254b4ed017cd3af1f4926a315111f0142d0ec0929639410824dce3d03
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE60E54254B4ED017CD3AF1F4926A315111F0142D0EC0929639410824DCE3D03"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3399
Expires: Sat, 21 Jan 2023 23:19:26 GMT
Date: Sat, 21 Jan 2023 22:22:47 GMT
Connection: keep-alive
|
|
| trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674339766542 | 18.184.38.55 | 200 OK | 1.2 kB |
URL: trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674339766542 (HTTP/2) | IP: 18.184.38.55:0
File type: ASCII text, with very long lines (626) | Hash (MD5 / SHA-1 / SHA-256): 8b32474d108c7f0add34842e790e8e62 4aea60396c329b65a77f919a57a7440ab2e0efb6 97f3dbf2eb49f0c43273ffbcdb1a4f317d9d182615c6e9ea341f475f94013d69
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674339766542 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: application/javascript;charset=UTF-8
content-length: 1152
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/ae50ba77acae77ced1d303cb70026f9b.static.css | 54.230.111.17 | 200 OK | 19 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/ae50ba77acae77ced1d303cb70026f9b.static.css (HTTP/2) | IP: 54.230.111.17:0
File type: ASCII text, with very long lines (65371) | Hash (MD5 / SHA-1 / SHA-256): f82b347d3d15e42ff26cf0ea1958439f 80c7cd1d49e0c2ec75909417bfa20e31528bfd0c bb6046a8c77434a4f971acf170bbc7d6c9885a974b734ac676df8e4cfd4533e1
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/ae50ba77acae77ced1d303cb70026f9b.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Fri, 09 Sep 2022 12:42:42 GMT
server: AmazonS3
content-encoding: br
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ebu0VxBeePghNAZcBVRaD3C61bHt3yMHpkb0eKu44pD6osrXH2wOBA==
age: 9702
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/d2886ada8fd722e4d9460289f1b3e1f7.static.ico | 54.230.111.17 | 200 OK | 198 B |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/d2886ada8fd722e4d9460289f1b3e1f7.static.ico (HTTP/2) | IP: 54.230.111.17:0
File type: MS Windows icon resource - 1 icon, 16x16, 2 colors; data | Hash (MD5 / SHA-1 / SHA-256): c6acedaff906029fc5455d9ec52c7f42 92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81 9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
Analyzer | Verdict | Alert
fortinet | Phishing |
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/d2886ada8fd722e4d9460289f1b3e1f7.static.ico HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 198
date: Sat, 21 Jan 2023 22:22:34 GMT
last-modified: Fri, 09 Sep 2022 12:42:34 GMT
etag: "c6acedaff906029fc5455d9ec52c7f42"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zgT3JTV76hrxAqrX-mG09yqyKRH2WSUWly1T9tzMC-UNfgGwGx7Iug==
age: 14
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL: firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US (HTTP/2) | IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 22:17:29 GMT
age: 318
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash (MD5 / SHA-1 / SHA-256): fc96297d0b59147e8f6052b16f1ca13f 23aeddfa143bb9be19b2ed06f2024a3a8aa120ce 034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3476
Cache-Control: max-age=128517
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 22:22:47 GMT
Etag: "63cbab28-1d7"
Expires: Mon, 23 Jan 2023 10:04:44 GMT
Last-Modified: Sat, 21 Jan 2023 09:06:48 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
|
|
| my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23 | 139.45.195.8 | 200 OK | 43 B |
URL: my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23 (HTTP/2) | IP: 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1; data | Hash (MD5 / SHA-1 / SHA-256): b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Cookie: ID=c713418fc8374443a1b73d3737cc93c4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:48 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c713418fc8374443a1b73d3737cc93c4; expires=Sun, 21 Jan 2024 22:22:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 54.69.176.248 | 101 Switching Protocols | 0 B |
URL: push.services.mozilla.com/ (HTTP/1.1) | IP: 54.69.176.248:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RI3TWZXAKQgrPfi5yQ3ECg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hhChi3B8FZ5X3GopKToo7cXGNUo=
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04&gtm=2oe1i0&_p=1123334213&cid=1313727244.1674339767&ul=en-us&sr=1280x1024&_s=1&sid=1674339766&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1 | 216.239.32.36 | 204 No Content | 0 B |
URL: region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04&gtm=2oe1i0&_p=1123334213&cid=1313727244.1674339767&ul=en-us&sr=1280x1024&_s=1&sid=1674339766&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1 (HTTP/2) | IP: 216.239.32.36:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-N55404SP04&gtm=2oe1i0&_p=1123334213&cid=1313727244.1674339767&ul=en-us&sr=1280x1024&_s=1&sid=1674339766&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FAustralia-EN%2FCasino-14-TY-HS%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520(RON)(CPA)(1)%26lander.name%3DCasino-14-TY-AU%26clickid%3Dwgur3p3vdpmscm2mi3r1i990%26source%3Dd18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9%26city%3DMountain%2520View%26brand%3DGeneric%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://thebetterdealss.com
date: Sat, 21 Jan 2023 22:22:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 6033dad399355478c264e1c7c27e7f62 7d5546258015b8a834ee87b5a679be0545723e9d 5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Sun, 22 Jan 2023 00:44:09 GMT
Date: Sat, 21 Jan 2023 22:22:49 GMT
Connection: keep-alive
|
|
| shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wgur3p3vdpmscm2mi3r1i990&var=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&sw=/sw-check-permissions-a7c35.js | 139.45.197.250 | 200 OK | 23 kB |
URL: shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wgur3p3vdpmscm2mi3r1i990&var=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&sw=/sw-check-permissions-a7c35.js (HTTP/2) | IP: 139.45.197.250:0
Hash (MD5 / SHA-1 / SHA-256): c29b19a3e0739cffbb0d7cab280a390b 4be80ba2ff0dd5e27da71a2c53a2d15d86ae7483 7063dd2f6011ec92c6ac3c5d91efa6db9b7474e5937c0787630418af9fb0224a
GET /pfe/current/micro.tag.min.js?z=4492922&ymid=wgur3p3vdpmscm2mi3r1i990&var=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&sw=/sw-check-permissions-a7c35.js HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 22:22:47 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 12:58:18 GMT
etag: W/"63a302ea-9a87"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/b381167682fc24f7d21b80139356c31d.static.js | 54.230.111.17 | 200 OK | 42 kB |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/b381167682fc24f7d21b80139356c31d.static.js (HTTP/2) | IP: 54.230.111.17:0
File type: ASCII text, with very long lines (32058) | Hash (MD5 / SHA-1 / SHA-256): 6e47126e4f6f692ffe7a77618aa3f315 175750a397b4d190f71ade13b0fae8562d7fa5af d133860e2ffdf2ebae877e24e9ad86ffad28b4f542922b894c0815120fc4a4b4
Analyzer | Verdict | Alert
fortinet | Phishing |
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/b381167682fc24f7d21b80139356c31d.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 09 Sep 2022 12:42:27 GMT
server: AmazonS3
content-encoding: br
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Joeb54bB6JpjZmpWYrc3WWy__-JYv5Man8lRYR3h-TNmtbS87Ye0dQ==
age: 9702
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png | 34.120.237.76 | 200 OK | 10 kB |
URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png (HTTP/2) | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 884f5d7c3a0ee782d4f3fe9f16099891 1c80645a9b9879d1e4b57c546ba35131ba3c28fd a7b63d331e09518150e6d9eff0c1d80928185ed0734cf1992af7df0021b6886f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88cefb6f-1c5c-4b01-a9b7-a36abdbbc20c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10497
x-amzn-requestid: 3bc349ba-7da8-48c8-aa90-2c48c93a023d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fnEG8mIAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c612f9-08e751fc7f0eacb43fc92712;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OklYfNWMWQdgf6QiC28Dq7wt5zr-FlQC-3NdIdsaA03HvhzwJlgGpQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 06:22:18 GMT
age: 57631
etag: "1c80645a9b9879d1e4b57c546ba35131ba3c28fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70113ea7-c91e-43d6-831d-6e4d2bfdedd2.jpeg | 34.120.237.76 | 200 OK | 18 kB |
URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70113ea7-c91e-43d6-831d-6e4d2bfdedd2.jpeg (HTTP/2) | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 2e6e79a6d39c1a68916ba137d2a26bc8 008b963daf94069a9ad22e5f170e2f3569e73709 df945becb760ffae4d118bf4bd7f10e766003cf8a4134687969d0f6a47a39319
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70113ea7-c91e-43d6-831d-6e4d2bfdedd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 18374
x-amzn-requestid: 7b64c39d-6328-4c21-884e-c35a72227396
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN7fGzpoAMFj5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d16-78583c755c0a76b5268c879d;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:45:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jeBRrvGvpmegIpee7ux6WNGJJQ2XXXdLs91g8hX4HFr2gChsd_4GOg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "008b963daf94069a9ad22e5f170e2f3569e73709"
content-type: image/jpeg
age: 2083
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg | 34.120.237.76 | 200 OK | 5.2 kB |
URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg (HTTP/2) | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 375f2cf298e45122ca727fb63f0e5ea7 eb746e6842127741552c7dcc48e8a92193ca3075 8b5e5432f69dad1428c3a735f7a0d07823658e03befc7b6e15f6f5c3306fbaa8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdc45398-1d4d-45ac-94a6-2cc6d910d8b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5196
x-amzn-requestid: 24221211-6673-4d7b-88de-2ef8c9a62f1b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNWRFPUIAMFf-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c27-286d3bb84ad3362d615479ed;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:41:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uSVzx-rzZIDLp55bKb-12pKjPUzRGih9sIupyPYRuDQasYa7JRnWoA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:52:07 GMT
etag: "eb746e6842127741552c7dcc48e8a92193ca3075"
content-type: image/jpeg
age: 1842
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71b4fb2b-957e-4b2e-a736-8b37c06f7c95.jpeg | 34.120.237.76 | 200 OK | 14 kB |
URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71b4fb2b-957e-4b2e-a736-8b37c06f7c95.jpeg (HTTP/2) | IP: 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data | Hash (MD5 / SHA-1 / SHA-256): 03a13d74184595ec581932d00fc11945 656445fb81ad942ccb17044072dd7c1b4654b2c8 bed0c7c387b9e8ff3f1033f65544ce8527fa805d691ef805df01ca0dac938273
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F71b4fb2b-957e-4b2e-a736-8b37c06f7c95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14414
x-amzn-requestid: 516b8fe5-60c2-43bd-94ad-c8f3a24476fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNWREIoIAMFxLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c27-1dba5be24b3bec7b0072e1af;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:41:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CEKO3c9DXyHiFKW1kRPjR1c7bO7WbdiD-o3EhHDRtaSZVN5dI9mVOQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:52:07 GMT
etag: "656445fb81ad942ccb17044072dd7c1b4654b2c8"
content-type: image/jpeg
age: 1842
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds | 54.230.111.17 | 200 OK | 0 B |
URL: thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds (HTTP/2) | IP: 54.230.111.17:0
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 18 Oct 2022 18:03:49 GMT
server: AmazonS3
content-encoding: gzip
date: Sat, 21 Jan 2023 20:24:44 GMT
etag: W/"3249ee0342db54e25486eef004b7d2b1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7byi20Bh1v1fSG-_GrXTFR8TaPUAlY-Z8es-xbtjXYoNL4g4v2fntA==
age: 7084
X-Firefox-Spdy: h2
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/03a2f250c19db9fd62bacac660640af3.static.css | 54.230.111.17 | 200 OK | 0 B |
URL: HTTP/2 thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/03a2f250c19db9fd62bacac660640af3.static.css | IP: 54.230.111.17:0
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/03a2f250c19db9fd62bacac660640af3.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Fri, 09 Sep 2022 12:42:47 GMT
server: AmazonS3
content-encoding: br
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: W/"85f5243aa29794da8e981c44feae0346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s46iz04HAOjlJuPls2XGc1bNnwASMEFbe2pjTOBId-UnyTjWyw-8ag==
age: 9702
X-Firefox-Spdy: h2
| thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js | 54.230.111.17 | 200 OK | 0 B |
URL: HTTP/2 thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js | IP: 54.230.111.17:0
GET /Campaign/Casino/Australia-EN/Casino-14-TY-HS/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Australia-EN/Casino-14-TY-HS/index.html?campaign.name=CPL%20-%20Phase%20I%20(RON)(CPA)(1)&lander.name=Casino-14-TY-AU&clickid=wgur3p3vdpmscm2mi3r1i990&source=d18a7026-9bf1-4f7a-a68e-d3cfd7b8c8c9&city=Mountain%20View&brand=Generic&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 09 Sep 2022 12:41:51 GMT
server: AmazonS3
content-encoding: br
date: Sat, 21 Jan 2023 19:41:06 GMT
etag: W/"221a4875f104c38145363ac8d0c34223"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: snowNKz7UTxt0OBYOl8C0aOGMpbXpP7FUoAd0wtFX8sG5PLM8yMBsg==
age: 9702
X-Firefox-Spdy: h2