Report - thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html

Report Overview

Submitted URL
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
IP
54.230.111.41
ASN
#16509 AMAZON-02
Submitted
2023-01-28 19:56:40
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
trk.thebetterdealz.com	unknown	2021-08-09T20:28:35Z	2023-03-13T01:09:27Z	517 B	414 B	18.184.38.55
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	715 B	450 B	216.239.34.36
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.77.32
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	865 B	54.230.245.118
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	428 B	2.5 kB	104.17.25.14
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	1.0 kB	2.1 kB	142.250.74.131
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	385 B	40 kB	142.250.74.168
thebetterdealss.com	unknown	2021-08-09T21:39:04Z	2023-03-13T09:13:03Z	7.4 kB	268 kB	54.230.111.17
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	395 B	32 kB	142.250.74.170
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	1.5 kB	2.7 kB	139.45.195.8
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	44.227.59.33
shaumtol.com	258042	2021-09-14T17:15:35Z	2023-03-13T06:00:36Z	985 B	16 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-28 19:56:34	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .icu Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	Phishing
2023-01-28	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js	Phishing
2023-01-28	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js	Phishing
2023-01-28	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico	Phishing
2023-01-28	medium	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	shaumtol.com	Sinkholed
2023-01-28	medium	shaumtol.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8	697 B	2023-03-07	2024-02-12
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen181 Hash c9403da8f2e07b42a7abb2ca02510847 54707a8174b1e2539eb1170b78c548a832ea2867 8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	88 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen379 Hash ed6cf71315499a6827f20b3e13d312ad 71b272cdddcacc233e31d69df4ed7c38ba05a3d3 06bac6943b40cf25de3797e62a98c681ee26f658ef18871adb9c338d4f8c5e7c Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js	87 kB	2023-03-07	2024-04-19
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js IP 54.230.111.122 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 17:50:07 Times Seen61056 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	103 B	2023-03-13	2023-03-13
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash c284d1b2612d9e6116a43765b36e082c f917eb7ef4ca51b8996a59ccd01387c279eeb344 666524e9492a41b47b6e2000952f8ef58f03198cfe407cc83c31b3b48c162421 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC	99 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash 3f41abefed14d67d88a7e5fe0559cc51 17e52813350f8db3266ac4d38d4280e603e9f638 932214bccf394a4a584df62fa9051190098143497a897ff870c4c202597252cc Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	1.0 kB	2023-03-08	2023-11-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-11-18 08:23:58 Times Seen9 Hash cd82efc7b3e8893c1352aebacf7f1e2d 49a1a9fd60026f0210c82ba60f2e298e44665795 56c69e31b4a5084999dc5012f3f28d7a8839a17c5925a3c407ce285ea5260b79 Loading...

	shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=null&var=null&sw=/sw-check-permissions-a7c35.js	41 kB	2023-03-13	2023-03-13
Pretty URL shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=null&var=null&sw=/sw-check-permissions-a7c35.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:25:20 Last Seen2023-03-13 18:55:01 Times Seen1 Hash 386a139211798e88764a8940c90f14b6 1c907137bc8a9f215fbc16f2a1889393bd444f57 80df95d65ab59bdffb81e65828d0fff10ed685bd8666f1666ccc1c88355e702b Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	103 B	2023-03-13	2023-03-13
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash 18c3973034e7f876483c320f462b2882 6b2f8fc014ad86c94d990c537efe807d349a2acc 207b79cacf22b4c0aba20571659a32ea9218b55d3abe36b66d77e30cd3f4a3aa Loading...

	www.googletagmanager.com/gtag/js?id=G-N55404SP04&l=dataLayer&cx=c	231 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-N55404SP04&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash c21d41467158ed1eeae2d067ed2024aa 865d3e32450226420c578ba8e9b73ea15abbc9dc 73c92e5df031771e83fe5f96618cd224b7da86240f26bd98f2e5ef216327c056 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	136 B	2023-03-07	2024-03-24
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:42 Last Seen2024-03-24 15:05:33 Times Seen533 Hash 96e82ebcc1bba26e17346488fdd431b1 24626aa3c03c14ff2fe20e52694acadbfca5ddba bb30099f988a6c87efcfbe186ff09863e87a3e1f5437e9ab9e224a7e934876cc Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js	81 kB	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js IP 54.230.111.122 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen110 Hash 221a4875f104c38145363ac8d0c34223 9d0916090b6659bc573d3de77bcbdc6a04931824 56ef2b1864e916208271e0307629c14db9201bf91da62246dfeb9d9704b985df Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	103 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash c067efefe6c33d907b811d7f3ae64031 543ebbe364b0eb52d1b27e76033350e578f0514e 4d6632cfe46894c451c8b84df933ff9fc77f024b56701b814b2edb4af5799a13 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	81 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen380 Hash c0211a10e5bdf9d68c40a31c758e1771 a1ba4ba2803ccf705fabf143a7422c5da5c67477 e1d462e0028d01b1829fdd49d99c692bcc9189772959390bb18054f14deda85e Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js	645 B	2023-03-08	2023-11-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js IP 54.230.111.122 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:46:44 Last Seen2023-11-18 08:23:58 Times Seen15 Hash ba05dd08407d90513d7ea64622f94fab e42b779a85d18f5df3ee6744ac719b1c92c8b26e 32810073d4833635f8add044979b297aa848543a22c3c5d24a3b07486ec21587 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	660 B	2023-03-07	2023-03-26
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2023-03-26 05:28:46 Times Seen8 Hash 8e0eb89cd27df62f894e9e00c381074c 4a5e50c2e907e58015692800833ef5c2fdaeb587 dad36e2c4afb45d8a95f3e03c3d9dec0f69c13f46bf3cfd5ed8770db70f13392 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	1.4 kB	2023-03-07	2023-03-26
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2023-03-26 05:28:46 Times Seen8 Hash 23084c6250077beda06d90124ce3b6d4 71d43ae7499905150a250e45f8be0005184ba3bf 78021c49ef94cc8d7444258ec056e679658fa4732eb85489c52b2f47024c404a Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	341 B	2023-03-09	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:57:31 Last Seen2024-02-12 05:28:00 Times Seen94 Hash 236b49af207f999653913dc0551087f2 10156cf3ec139f25f5d22abc85c76a53d95acaab 8e1950892e059db14bf5b97b1b576aad84a370954b1bd1abd1090f7ecf0ec4a2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-19 17:57:15 Times Seen259880 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	39 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash 1a45093d1f9187c67a3bf6d0afa34975 bfaa500c1998604b4ea205c697c548c0f253d3a5 e3e1d984b7f9536015f49da7efa7e18240be98e6c195fe71546e9bcf00c1ca93 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	40 B	2023-03-07	2024-03-03
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:14:12 Last Seen2024-03-03 01:26:32 Times Seen301 Hash c908e839697a159f578392b7120a32e6 3177107843b3eb502c5f1c3bc4bda8dd2c4fe2f6 36780db9d5ede0c49775774fd5654f46212440322b1dd8e7d6d83d5bb8547f52 Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	79 B	2023-03-07	2024-04-18
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:40 Last Seen2024-04-18 08:55:45 Times Seen378 Hash 330cb3e23d95121bd55d849997798301 ac065eea17a1fe8f68bf72a5645acdffab3105b5 02edff9349933e1f564c6cad886e0eed218cf96d3b43a390735e2e6084bbc22c Loading...

	thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html	822 B	2023-03-07	2024-02-12
Pretty URL thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html IP 54.230.111.17 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen96 Hash b97d7f47f2911874af688e6e2ede8352 5a4b2280a41d2336f08429e8893c977e2b5a9ccf c3bd6903d4aec63ca04f85055acb71ad0305e4a01d104c1e3460afd6bd430c4a Loading...

		Size	First Seen	Last Seen
	#1 Eval - dae00eef1ea1a29c56b6461026df895b	80 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 14:54:04 Last Seen2024-02-12 05:28:00 Times Seen95 Hash dae00eef1ea1a29c56b6461026df895b c0a1942ef7294ad4a98720e1872929ec6995f2b8 6dab1be67891087e84cbef1e2970cbb2d460c9c676e41b2b03c2be0942d1ceb3 Loading...

	#2 Eval - 29b58cc8afdb9c87c2870c2e20f05ecd	80 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash 29b58cc8afdb9c87c2870c2e20f05ecd faf9e633552a940086f0cc21187989b415f509d7 cedbac8b896ad5b28d0c0135bf78a83d1f5897fba54a8a936d875d2c1e04de83 Loading...

	#3 Eval - fa1ea9cc40ea42c265ac3b0423c97738	80 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 10:11:39 Last Seen2023-03-13 10:11:39 Times Seen1 Hash fa1ea9cc40ea42c265ac3b0423c97738 55debb4137867004504a8c5eb16b5cfedf4f196c 88ef9928cee2af8d3b85a2e50d5affff45461e6f637de01ea2da487df22e86e4 Loading...

		Size	First Seen	Last Seen
	#1 Write - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-19
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 18:02:36 Times Seen36965157 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (49)

URL IP Response Size

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html

54.230.111.17

301 Moved Permanently

167 B

URL HTTP/1.1
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
IP
54.230.111.17:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sat, 28 Jan 2023 19:56:29 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
X-Cache: Redirect from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: y-x3kMd1tCGyhf9xaBbf7evyHC8_PdKfWRV6tbGAZILsMfKUnHo0kg==

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10885
Expires: Sat, 28 Jan 2023 22:57:54 GMT
Date: Sat, 28 Jan 2023 19:56:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8427
Expires: Sat, 28 Jan 2023 22:16:56 GMT
Date: Sat, 28 Jan 2023 19:56:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 19:43:06 GMT
content-type: application/json
age: 803
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4976
Expires: Sat, 28 Jan 2023 21:19:25 GMT
Date: Sat, 28 Jan 2023 19:56:29 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 2wv2hrQJfmGMbdfRlqDvqhF3Hm7wjDMxZz3HK9w3HPYqpDwThdQN8hcKlWlxynxgXOvA21SH8T5B+lNfxd19CA==
x-amz-request-id: J4R32BVHMPZ7E61S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 19:50:02 GMT
age: 387
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8c138356c486327ac13f355ecf170032
e0eafd65508734d35275c615ced4a7b3e8a02e22
d2cf42e2c1b98e4aed5dd16cad5668dee9e9044db693855174a1738ba4d06e59

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 19:56:29 GMT
Server: ECS (dcb/7ECA)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HUY8YLdtEp1f6_HdQrc8nSewP9mpai9V13VCZodYdlecGiRMOz0MNg==

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 19:49:03 GMT
age: 447
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9275
Expires: Sat, 28 Jan 2023 22:31:05 GMT
Date: Sat, 28 Jan 2023 19:56:30 GMT
Connection: keep-alive

cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css

104.17.25.14

200 OK

1.4 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7048)
Size
1.4 kB (1380 bytes)
Hash
aa3b4ed7478b3a40f2409188a0c9fdab
1b4efc2536689dde7205f6eb81766b6ad54ada8f
80db261e2480e9541813923e022ea7d0dceece776b3aa606216545a1ba272d26

HTTP Headers

GET /ajax/libs/froala-editor/2.8.5/css/froala_style.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: text/css; charset=utf-8
content-length: 1380
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6a-1c28"
last-modified: Mon, 04 May 2020 16:10:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 20222654
expires: Thu, 18 Jan 2024 19:56:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6mcx%2BSGM7AlUxpHmsHzcxo%2BQ06KDwMcz2n5Q0OBuoyh1rT88hS5nAUA%2F6sk75DIhNbvXdu6KSIkbQihDnf02AkCU0yrgi3Rki8VL1%2B8jdnNquPSeXnz9omXL%2BLa7LHqaEU2n4zAY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 790c4ab11d9db527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js

54.230.111.122

200 OK

645 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
645 B (645 bytes)
Hash
ba05dd08407d90513d7ea64622f94fab
e42b779a85d18f5df3ee6744ac719b1c92c8b26e
32810073d4833635f8add044979b297aa848543a22c3c5d24a3b07486ec21587

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 645
x-amz-meta-origin-date-iso8601: 2022-01-14T21:00:11.083Z
last-modified: Fri, 13 May 2022 18:57:22 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 14:08:29 GMT
etag: "ba05dd08407d90513d7ea64622f94fab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5oHlA0QwM-pgeTKLk-3K1vOYymCMoNOXKK97xGI4dySOPCKR__KEPw==
age: 20882
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png

54.230.111.122

200 OK

25 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
PNG image data, 394 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
25 kB (25160 bytes)
Hash
6c70312463ee3dcd7b3ad7d71260f0f2
e3e9a5f85076a182b19474c10314abae656e187b
a855f233fbeba18164fdf39dfb454b29fa147af0de581a167691e081a7c8e9c1

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 25160
x-amz-meta-origin-date-iso8601: 2021-10-12T07:24:34.244Z
last-modified: Fri, 13 May 2022 18:57:25 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 14:08:29 GMT
etag: "6c70312463ee3dcd7b3ad7d71260f0f2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bt_KJ6XUBMfoCf7CdJMXCUwfn1jDdjCmqGvzmbTj0m6qLojG7CZHaA==
age: 20882
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png

54.230.111.122

200 OK

2.2 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
PNG image data, 265 x 133, 8-bit colormap, non-interlaced\012- data
Size
2.2 kB (2249 bytes)
Hash
46d3b5e50a1c32641e6a1d75edb1a0ee
7241d2bd02093af81f2bc5e47c3980d7530ebe6f
8ce56b652e2fbac94f83d2b6df6ee621e9c4f298eefe4a92c53dda2dbfe744d4

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 2249
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:17 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 14:08:29 GMT
etag: "46d3b5e50a1c32641e6a1d75edb1a0ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l4xqazSf5subqncZ87siG-ZOXhme-nHMegq6K3YK653AFymixz4CVg==
age: 20882
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png

54.230.111.122

200 OK

119 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
119 kB (118696 bytes)
Hash
5e81ef327f6ce63e76742ef5b890d99f
6ebcf6b775c0ef4b5aa157b53872cde5ef87be27
e76f6a31d1bac8cbdca494b6c27ea2c9b64dcd320d09c179c159378d55356aee

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 118696
x-amz-meta-origin-date-iso8601: 2022-01-14T19:54:30.840Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 14:08:29 GMT
etag: "5e81ef327f6ce63e76742ef5b890d99f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rQcQm0TwlagHiqYbS6tz25JJnGLSbiZhYhiA_hzDpB-1_iMyYe_PpQ==
age: 20882
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 19:56:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js

54.230.111.122

200 OK

26 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25828 bytes)
Hash
faf7222a023c6cf98dc8500d841385ee
f1982e3f96009de81856dfc1e9f35ff7636d7208
4236671d990d1ce2b068d2d558c88cdc72b880357e2d5c4b7679e19bab9e8b5a

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:38 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 10:25:49 GMT
etag: W/"221a4875f104c38145363ac8d0c34223"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: knYOoiNbZFxb4GJxGGkOMuQm1BN91Tp8Q4A2eJxuhawlbISvo_j_6g==
age: 34242
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 19:56:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC

142.250.74.168

200 OK

39 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
39 kB (38992 bytes)
Hash
2755d0c7ef9e0af7a06d53ee5ac6ca55
68b14a649c4752b41507cbf9dd962be630572110
c0bb87e894f4cc8030820e6fe1caca583dfc69d90ad232248c5fa5f9afb79025

HTTP Headers

GET /gtm.js?id=GTM-M7SJHXC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 19:56:30 GMT
expires: Sat, 28 Jan 2023 19:56:30 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38992
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest

54.230.111.122

403 Forbidden

1.1 kB

URL HTTP/2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1053 bytes)
Hash
9041080bf58c4d659f578fb13dc247a6
2b48d0f48780b29ff1ea7c78e3b09b1c7ed54a92
f67edf3ba11eda4beef68911ca6ce5fcea27b1507975f635235e42a31796c3a7

HTTP Headers

POST /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 403 Forbidden
server: CloudFront
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: text/html
content-length: 1053
x-cache: Error from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: H8XU2yxgRRn5GirnO1AUdZp-EpAbBBrr66h4aDpPiaSom6ww3GpLEg==
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.170

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 01:41:04 GMT
expires: Sat, 27 Jan 2024 01:41:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
age: 152126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
c9403da8f2e07b42a7abb2ca02510847
54707a8174b1e2539eb1170b78c548a832ea2867
8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47

HTTP Headers

GET /p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js

54.230.111.122

200 OK

30 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (32058)
Size
30 kB (30233 bytes)
Hash
fcafa25702bb8ff627d7b8b9dcd1845d
cc3ef1a19b6ba497b9893dfcc120c3e89c138aa6
d4897ae4d269070e9f6c37f0f1d2b07a333df68121e6583ded535312fe9bc4c8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:20 GMT
server: AmazonS3
content-encoding: br
date: Fri, 27 Jan 2023 23:17:33 GMT
etag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AGSbuyRyPHF9DpBxd8T9ldTqOtVnLCtDCsvojQBeVbKF1EoGrykUag==
age: 74338
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 19:56:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg

54.230.111.122

200 OK

56 kB

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
56 kB (56400 bytes)
Hash
daed3767de815d8c15505c86b978dfbf
2e238bd17a590a987f15c6762185b7e3e58e048e
2596ca41818504ef1d96465d290b129676e812d8b3b09e1b731a690d8d35af50

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 56400
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:37 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 14:08:29 GMT
etag: "daed3767de815d8c15505c86b978dfbf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iGoToUna0srFowVO-hX5DY5vquACMDmArEgTZ0nOifIOEq0dxTqnmg==
age: 20882
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.227.59.33

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.227.59.33:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k1fW4PQM7XWXHXB89vWe+g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TbInZN+LTf6uaMmT9u6jdTbcpjU=

my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
0a0223441a55e45573185b933df14e4b
94b70874b1fdf18c4a38f2d0d8d64cc54efe1796
b1f55949385bf588fce1883091b246d0e44bd53f12c2ef1bc2feeb22f14d6460

HTTP Headers

GET /gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/
Origin: https://thebetterdealss.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=983594cdd55643cd85524126802ba815; expires=Sun, 28 Jan 2024 19:56:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc677e0d0a71798f79e49395bb22f922
7d5cc0c49ebc9a31261b9e6659080c854ca19e30
2a5c740f71f7b735b629e38df966a84173fcf9afe635f004705eb32defaecd4b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A5C740F71F7B735B629E38DF966A84173FCF9AFE635F004705EB32DEFAECD4B"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11972
Expires: Sat, 28 Jan 2023 23:16:02 GMT
Date: Sat, 28 Jan 2023 19:56:30 GMT
Connection: keep-alive

thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings

54.230.111.122

404 Not Found

809 B

URL HTTP/2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
809 B (809 bytes)
Hash
a2d9253fb772384c3019e2ecc3e9e32f
4b8918f726ada95a50218b229ddfa2ad2b4e9288
f3bd8f754d9f8b808694ac7175a5001587bd0b5d73e1ef0792fe467831ad6bac

HTTP Headers

GET /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
content-length: 809
last-modified: Mon, 17 Oct 2022 17:21:55 GMT
etag: "a2d9253fb772384c3019e2ecc3e9e32f"
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: zone
date: Sat, 28 Jan 2023 19:56:30 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: td_WWJW3bc81Hh8I8_X37FiLHe8WW__9B8p8xAQutU02TiQyu8Q3zA==
X-Firefox-Spdy: h2

shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=null&ymid=null&var_3=&dsig=&action=prerequest

139.45.197.250

200 OK

0 B

URL HTTP/2
shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=null&ymid=null&var_3=&dsig=&action=prerequest
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=null&ymid=null&var_3=&dsig=&action=prerequest HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:30 GMT
content-length: 0
x-trace-id: 10c173e094b1868a639ffbd2ca541954
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=null&var=null&sw=/sw-check-permissions-a7c35.js

139.45.197.250

200 OK

15 kB

URL HTTP/2
shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=null&var=null&sw=/sw-check-permissions-a7c35.js
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
15 kB (14999 bytes)
Hash
0388c37350b348de734b5fa6257422fc
76203a41541b5654340d7d1771eae8690fb368d3
aebbe764b7eb376fcfbc07b0edfe8e0c9851b247fb30a53f9b057df551dd861c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4492922&ymid=null&var=null&sw=/sw-check-permissions-a7c35.js HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-a083"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23&lpt=DAILY%20JACKPOTS!&t=1674935794629

18.184.38.55

400 Bad Request

152 B

URL HTTP/2
trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23&lpt=DAILY%20JACKPOTS!&t=1674935794629
IP
18.184.38.55:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
152 B (152 bytes)
Hash
d9bacc468aa23334526933389545e120
e26288b4bada404ce340ca72989f9f1193dc649c
0605685efb44dd3decd77517436c575731b61f807247587de67080c579ffa2d4

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23&lpt=DAILY%20JACKPOTS!&t=1674935794629 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 400 Bad Request
server: nginx
date: Sat, 28 Jan 2023 19:56:30 GMT
content-type: text/html
content-length: 152
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico

54.230.111.122

200 OK

198 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Cookie: _ga_N55404SP04=GS1.1.1674935794.1.0.1674935794.0.0.0; _ga=GA1.1.90130232.1674935795
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 198
date: Sat, 28 Jan 2023 19:56:31 GMT
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:27 GMT
etag: "c6acedaff906029fc5455d9ec52c7f42"
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oQIfEqV5tfQ2zKST0rhdkig27GwTVx_hGNbq6df1Dp0njh5KIgR2IA==
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Cookie: ID=983594cdd55643cd85524126802ba815
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 19:56:31 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=983594cdd55643cd85524126802ba815; expires=Sun, 28 Jan 2024 19:56:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04&gtm=2oe1p0&_p=1332964966&cid=90130232.1674935795&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674935794&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04&gtm=2oe1p0&_p=1332964966&cid=90130232.1674935795&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674935794&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-N55404SP04&gtm=2oe1p0&_p=1332964966&cid=90130232.1674935795&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674935794&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://thebetterdealss.com
date: Sat, 28 Jan 2023 19:56:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 19:56:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 19:56:32 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2999
Expires: Sat, 28 Jan 2023 20:46:31 GMT
Date: Sat, 28 Jan 2023 19:56:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 19:56:32 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 79186
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 19:56:32 GMT
Connection: keep-alive

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13375 bytes)
Hash
b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 79654
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7585 bytes)
Hash
ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 76219
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4975 bytes)
Hash
c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 79646
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8b9b454-0728-4fe3-a661-33c8205e00c2.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9758 bytes)
Hash
3516e6446944e35557bee1c66fcb46ba
a2930481e12b2faf871267a0ee1166ee05b1a168
c19bf7db6637169a0def1e7ba1f1cc675cec38f190a1d41a4b970f2f31a75549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8b9b454-0728-4fe3-a661-33c8205e00c2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9758
x-amzn-requestid: e80bf4a2-5fb6-4b21-8570-9d8bf72bc65f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5EgAoAMFSsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-106eca49521af490104019bb;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wmGlLHXvIs6iskEqfrqN09vwMpRlMKF-mukahEyeYRWC8WbnOmk4Hw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "a2930481e12b2faf871267a0ee1166ee05b1a168"
content-type: image/jpeg
age: 79195
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 75171
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css

54.230.111.122

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:34 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 10:25:49 GMT
etag: W/"85f5243aa29794da8e981c44feae0346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mVDOzrDxkBRW2V-4Rd2_x-KRqYjOEEUkrij6wFUIIUvMw41zqLmanw==
age: 34242
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css

54.230.111.122

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 10:25:49 GMT
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2udLDGV-a4katzNJLWIZ1Sm2NRlNcUNId7h4LTAW_dQkDDJaCtP1Lw==
age: 34242
X-Firefox-Spdy: h2

thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html

54.230.111.122

200 OK

0 B

URL HTTP/2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 18 Oct 2022 18:00:27 GMT
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 07:01:38 GMT
etag: W/"b9d3ed57df0497e021c8ad0c049aa136"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tySWAVfP0skBe093SKBnd2ZE8ByT5tfuc_p5auZgJwq9O6NYJexL6w==
age: 46493
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML