trk.thebetterdealz.com/a4357edf-2fdd-4c0c-ae4b-fe2e188219c3
302 0 B URL HTTP/1.1 trk.thebetterdealz.com/a4357edf-2fdd-4c0c-ae4b-fe2e188219c3
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /a4357edf-2fdd-4c0c-ae4b-fe2e188219c3 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Sat, 28 Jan 2023 15:56:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Pragma: no-cache
Set-Cookie: a4357edf-2fdd-4c0c-ae4b-fe2e188219c3-v4=bZbTcG7il0U58bJyrZo0T3SBKDxs4vlQvHtzw7rOIUw; Max-Age=86400; Expires=Sun, 29-Jan-2023 15:56:08 GMT; Domain=trk.thebetterdealz.com; Path=/; HttpOnly
cc-v4=idrxj1x0ZQlHXK2yc33yMgknr0tyQheur24BJlpcxV6uK6A1pkaUDmMG2s3%2FuSqqUp7K60k%2FFIn4H%2BIe0PO5DGwoHNyD8y50KHdr6aQsx3CfcCqoxFxVY%2B1hAJ7Yl52z1yriwrGdEbiEFvq9Qf%2BFVQ%3D%3D; Max-Age=31536000; Expires=Sun, 28-Jan-2024 15:56:08 GMT; Domain=trk.thebetterdealz.com; Path=/; HttpOnly
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5962
Expires: Sat, 28 Jan 2023 17:35:30 GMT
Date: Sat, 28 Jan 2023 15:56:08 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Sat, 28 Jan 2023 17:33:45 GMT
Date: Sat, 28 Jan 2023 15:56:08 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9407
Expires: Sat, 28 Jan 2023 18:32:55 GMT
Date: Sat, 28 Jan 2023 15:56:08 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 15:35:30 GMT
content-type: application/json
age: 1238
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5J4W3rvwYybbfwmpsmgNAxl/Qgq6b77n6WA7UsXMp5INisiAWW8YAJuIsOzrcI/tI97NPV5V2v8=
x-amz-request-id: 08RGB6YWEKS4J9SC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 15:49:57 GMT
age: 371
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:08 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 8c138356c486327ac13f355ecf170032
e0eafd65508734d35275c615ced4a7b3e8a02e22
d2cf42e2c1b98e4aed5dd16cad5668dee9e9044db693855174a1738ba4d06e59
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=117672
Date: Sat, 28 Jan 2023 15:56:09 GMT
Etag: "63d46e41-1d7"
Expires: Mon, 30 Jan 2023 00:37:21 GMT
Last-Modified: Sat, 28 Jan 2023 00:37:21 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yy7nzs5A5nBEsuCvtstTynx_B1xP8K06weQ84UKedGUyPa50VZHFQw==
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 15:49:03 GMT
age: 426
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4264
Expires: Sat, 28 Jan 2023 17:07:13 GMT
Date: Sat, 28 Jan 2023 15:56:09 GMT
Connection: keep-alive
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js
200 OK 645 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js
IP
Hash ba05dd08407d90513d7ea64622f94fab
e42b779a85d18f5df3ee6744ac719b1c92c8b26e
32810073d4833635f8add044979b297aa848543a22c3c5d24a3b07486ec21587
Analyzer Verdict Alert fortinet Phishing
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/4c0948bf4f4c9251986ffd7516631834.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 645
x-amz-meta-origin-date-iso8601: 2022-01-14T21:00:11.083Z
last-modified: Fri, 13 May 2022 18:57:22 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: "ba05dd08407d90513d7ea64622f94fab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: l1vae-0p3liDK370697gpQ9CQdQ7Sfw85zCEpsTpvT2nTTecahiVxQ==
age: 6461
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png
200 OK 25 kB URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png
IP
File type PNG image data, 394 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c70312463ee3dcd7b3ad7d71260f0f2
e3e9a5f85076a182b19474c10314abae656e187b
a855f233fbeba18164fdf39dfb454b29fa147af0de581a167691e081a7c8e9c1
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/leovegas-casino.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 25160
x-amz-meta-origin-date-iso8601: 2021-10-12T07:24:34.244Z
last-modified: Fri, 13 May 2022 18:57:25 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: "6c70312463ee3dcd7b3ad7d71260f0f2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IPsnUqANqfNcwhTyVHbd3NgahgqpTQmSA9pvhZnj040iISqtH8fXHw==
age: 6461
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png
200 OK 119 kB URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png
IP
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 119 kB (118696 bytes)
Hash 5e81ef327f6ce63e76742ef5b890d99f
6ebcf6b775c0ef4b5aa157b53872cde5ef87be27
e76f6a31d1bac8cbdca494b6c27ea2c9b64dcd320d09c179c159378d55356aee
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/562b1a8e5aab3041b04ffe62c956ca5f.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 118696
x-amz-meta-origin-date-iso8601: 2022-01-14T19:54:30.840Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: "5e81ef327f6ce63e76742ef5b890d99f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UCcMjJn5fO07xA9P9cM34DhSxy91xK22HKcA6yzUQM9doI2G5fYiLw==
age: 6461
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png
200 OK 2.2 kB URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png
IP
File type PNG image data, 265 x 133, 8-bit colormap, non-interlaced\012- data
Hash 46d3b5e50a1c32641e6a1d75edb1a0ee
7241d2bd02093af81f2bc5e47c3980d7530ebe6f
8ce56b652e2fbac94f83d2b6df6ee621e9c4f298eefe4a92c53dda2dbfe744d4
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d846b391ab89ca16fda20d187927d0a0.static.png HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 2249
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:17 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: "46d3b5e50a1c32641e6a1d75edb1a0ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VkvPh_t8j-oDGt_YATByUM2Z_bYehi2C7YXd2jjP3DtlA5lS5QIOTw==
age: 6461
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css
200 OK 1.4 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/froala-editor/2.8.5/css/froala_style.min.css
IP
File type ASCII text, with very long lines (7048)
Hash aa3b4ed7478b3a40f2409188a0c9fdab
1b4efc2536689dde7205f6eb81766b6ad54ada8f
80db261e2480e9541813923e022ea7d0dceece776b3aa606216545a1ba272d26
GET /ajax/libs/froala-editor/2.8.5/css/froala_style.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 15:56:09 GMT
content-type: text/css; charset=utf-8
content-length: 1380
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e6a-1c28"
last-modified: Mon, 04 May 2020 16:10:18 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 20208233
expires: Thu, 18 Jan 2024 15:56:09 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=84CjXLrdC%2FAGC8TssdkdhVPiXtFKZPyuM2L%2BSHGJUqdU%2BoGYo84LVI1FH2lKEEs56Bia56o3W4w4L6hO50ACGh%2FmjoCzYBpuGm7l%2BvycX1%2Fkc7xHNefJcyq1VBGs9%2BKh4x8MIjc7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 790aea9fecb51c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2c4380697a101b67d9f8edb80bbe917c
d031ccb76ff8aeef9f80594b3ac3a7117e1ad05d
92fcb57afd01dbdc56cdd37ff2ebfb8807a286936093b1a863d334a3826aceb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92FCB57AFD01DBDC56CDD37FF2EBFB8807A286936093B1A863D334A3826ACEB3"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2717
Expires: Sat, 28 Jan 2023 16:41:26 GMT
Date: Sat, 28 Jan 2023 15:56:09 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 15:56:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js
200 OK 26 kB URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash b3f442059fddb339c4265c876d2d7680
9f7fb3f92cc78913c805018e9fbec1227c4c792c
31bee507a3165ff72d255944e3362c6556e0d0f7d39e9fb98ac4ca4130402828
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/f25504e7888a55c8f51cf4674240e55f.static.js?z=4495707&sw=/sw-check-permissions-3a841.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:38 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: W/"221a4875f104c38145363ac8d0c34223"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lXLliZbmJPHfqlPR_KaIPPTR5DlH_ag0jsYwZr2nrHd57crmHZ0vYA==
age: 19821
X-Firefox-Spdy: h2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest
403 Forbidden 1.1 kB URL HTTP/2 thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1ccc44750d863d370a06c027307e78c7
b380ef886525b7a122dc5d31d5f066e9ab763551
f4f097cbaab58ae71f11bacc821618bfda42b489f50227c654928157edbf6cba
POST /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 403 Forbidden
server: CloudFront
date: Sat, 28 Jan 2023 15:56:09 GMT
content-type: text/html
content-length: 1053
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Q1wyIKFFKHyVrnZe20wlLqtlMeqTtSfs_EcxmZlttawO2wvQp6ySTQ==
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8
200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8
IP
Hash c9403da8f2e07b42a7abb2ca02510847
54707a8174b1e2539eb1170b78c548a832ea2867
8c4f1df9606db3187c5b0a76d0586cfa938845ab7cfbbe65805fb21c2032ec47
GET /p.js?f=sync&lr=1&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:09 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
File type ASCII text, with very long lines (65447)
Hash 7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 01:41:04 GMT
expires: Sat, 27 Jan 2024 01:41:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
age: 137705
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC
200 OK 39 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-M7SJHXC
IP
File type ASCII text, with very long lines (1759)
Hash ea2c0293b391aba4cbf57019dbc22377
ea9f56768566935765c7b2485db11c7050fda215
6f0689e254686c785518f5bc51459f893395c4074b65941d6a63cc3575484e13
GET /gtm.js?id=GTM-M7SJHXC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 15:56:09 GMT
expires: Sat, 28 Jan 2023 15:56:09 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38988
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg
200 OK 56 kB URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Hash daed3767de815d8c15505c86b978dfbf
2e238bd17a590a987f15c6762185b7e3e58e048e
2596ca41818504ef1d96465d290b129676e812d8b3b09e1b731a690d8d35af50
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/in_css_34d506b688dd263f9470dc2315529716.static.jpg HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 56400
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:37 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: "daed3767de815d8c15505c86b978dfbf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CCzj49x8mGTTHHwOZd3eldRkEHczF-tW4S7evTz6c5rrMIhEQQyuvQ==
age: 6461
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 15:56:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 15:56:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash e577bb771e025651fabe1d30727b68f1
964427823a82b2e200f0690aec01b07d2ecaeb73
4ef4d91b443852ae17de8254d80aecf376c10404ad09d88b828d43e4d7b2e598
GET /gid.js?pub=0&userId=&zoneId=4495707&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/
Origin: https://thebetterdealss.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:09 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=38c262e1c9e742f19ba11c944a4c596e; expires=Sun, 28 Jan 2024 15:56:09 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ye6MKvi5V122egfdvzyYMw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ROi50S0+f0/be7W+oaClFEOaydw=
trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674921373201
200 OK 1.2 kB URL HTTP/2 trk.thebetterdealz.com/d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674921373201
IP
File type ASCII text, with very long lines (626)
Hash 4f936d073225193803fd7fe55b4f9c9f
e7123bc9b70b519a345649098d9b0ee7fba6cdb2
db8f9bc7736cca332f0b6b01259e5c081345866fca205e9813c574f43cb807f4
GET /d/.js?lpref=&lpurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23&lpt=DAILY%20JACKPOTS!&t=1674921373201 HTTP/1.1
Host: trk.thebetterdealz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:10 GMT
content-type: application/javascript;charset=UTF-8
content-length: 1152
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings
404 Not Found 809 B URL HTTP/2 thebetterdealss.com/zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash a2d9253fb772384c3019e2ecc3e9e32f
4b8918f726ada95a50218b229ddfa2ad2b4e9288
f3bd8f754d9f8b808694ac7175a5001587bd0b5d73e1ef0792fe467831ad6bac
GET /zone?&pub=0&zone_id=4495707&is_mobile=false&domain=thebetterdealss.com&var=&ymid=&var_3=&dsig=&action=settings HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 809
last-modified: Mon, 17 Oct 2022 17:21:55 GMT
etag: "a2d9253fb772384c3019e2ecc3e9e32f"
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: zone
date: Sat, 28 Jan 2023 15:56:09 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: N_Pf2xN6P8Ob2HpyY6ZL9s03aElqSNDLzoX2fnie61OcRPTV3pt9kA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d0c7629710cc3741f45789037ba415ee
46098c5c0fe44ef8f6de691763251807c8f5fa47
30f9a277ec679336c9017b68b40a733fcff1a96d0acd26f4787802d54d653f08
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "30F9A277EC679336C9017B68B40A733FCFF1A96D0ACD26F4787802D54D653F08"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7297
Expires: Sat, 28 Jan 2023 17:57:47 GMT
Date: Sat, 28 Jan 2023 15:56:10 GMT
Connection: keep-alive
shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&ymid=wn09duq7ldm1jn7m23d9ok3q&var_3=&dsig=&action=prerequest
200 OK 0 B URL HTTP/2 shaumtol.com/zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&ymid=wn09duq7ldm1jn7m23d9ok3q&var_3=&dsig=&action=prerequest
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /zone?&pub=0&zone_id=4492922&is_mobile=false&domain=thebetterdealss.com&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&ymid=wn09duq7ldm1jn7m23d9ok3q&var_3=&dsig=&action=prerequest HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:10 GMT
content-length: 0
x-trace-id: 6e7f46e472cac3f172375e3b048e3d70
access-control-allow-origin: https://thebetterdealss.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23
200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=567737222dc141f78a16cbadcf8efe9b0e8ae6469c9c147e48b2bbca746e3cd8&ttl=&rurl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Cookie: ID=38c262e1c9e742f19ba11c944a4c596e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:10 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=38c262e1c9e742f19ba11c944a4c596e; expires=Sun, 28 Jan 2024 15:56:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico
200 OK 198 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico
IP
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
Analyzer Verdict Alert fortinet Phishing
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/d2886ada8fd722e4d9460289f1b3e1f7.static.ico HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Cookie: _ga_N55404SP04=GS1.1.1674921373.1.0.1674921373.0.0.0; _ga=GA1.1.69375977.1674921373
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 198
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:27 GMT
server: AmazonS3
date: Sat, 28 Jan 2023 15:56:11 GMT
etag: "c6acedaff906029fc5455d9ec52c7f42"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zJcA4ioWm3xUC4L8mGyUQTWFk4m4KVE7So2eKPt94Xs7QGU6USM3qg==
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04>m=2oe1p0&_p=1077972761&cid=69375977.1674921373&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674921373&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-N55404SP04>m=2oe1p0&_p=1077972761&cid=69375977.1674921373&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674921373&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-N55404SP04>m=2oe1p0&_p=1077972761&cid=69375977.1674921373&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674921373&sct=1&seg=0&dl=https%3A%2F%2Fthebetterdealss.com%2FCampaign%2FCasino%2FCanada-EN%2FCasino-14-TY-3%2Findex.html%3Fcampaign.name%3DCPL%2520-%2520Phase%2520I%2520%2528WL%2529%2528CPA%2529%25282%2529%26lander.name%3DCasino-14-TY-3%26clickid%3Dwn09duq7ldm1jn7m23d9ok3q%26source%3Da4357edf-2fdd-4c0c-ae4b-fe2e188219c3%26city%3DOslo%26brand%3DDesktop%26zoneid%3D%26bannerid%3D%26trafficsource.name%3DPropellerAds&dt=DAILY%20JACKPOTS!&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thebetterdealss.com
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://thebetterdealss.com
date: Sat, 28 Jan 2023 15:56:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9247
Expires: Sat, 28 Jan 2023 18:30:18 GMT
Date: Sat, 28 Jan 2023 15:56:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9247
Expires: Sat, 28 Jan 2023 18:30:18 GMT
Date: Sat, 28 Jan 2023 15:56:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9247
Expires: Sat, 28 Jan 2023 18:30:18 GMT
Date: Sat, 28 Jan 2023 15:56:11 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9247
Expires: Sat, 28 Jan 2023 18:30:18 GMT
Date: Sat, 28 Jan 2023 15:56:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57b73886cbbb719eda5f733c018eedfb
b84ed40973f8a0d3c10529e34f9466746cfdaf0c
4ba11c23e0bbd2aed53b04ad0b3d22161af1971ddcfb75ae55734de9a49af207
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: c1743fed-205a-431b-8648-474facde6d09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwFtboAMF9rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-5b94864c707c42fc36fbc63a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LUa_R8g8Rlv7JJA0_okht-vGe-xBSyZ5TPJTFakAHlncQPZKEdULQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 65233
etag: "b84ed40973f8a0d3c10529e34f9466746cfdaf0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 64765
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2881cea3ae511d3dfd2f6b7cd598a4e
105d8d675aaafce5602e4015aee2d1659553d1b1
0993ef71c2af9e07ed09e0e2ba40a4d9fdd01444154c2f39f8fc48a4dfef1730
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a2033b2-0708-4731-82a4-5bbc9f000ae2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10863
x-amzn-requestid: db873091-be76-4276-aa3e-f9bd44051508
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbAMbHCMoAMFsYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4471c-57f14d6a3ebcc8a1788bae80;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:50:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: S8H9sSYtUyye2ex8ulTLy6SEyqTt3xUmjRkTWL0oCEDZIDA21dnudw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:38:29 GMT
etag: "105d8d675aaafce5602e4015aee2d1659553d1b1"
content-type: image/jpeg
age: 62262
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 195316042e7f798eeeb7993fecb3a383
4aeca24ad4702f87feaf9674ea0c1ff6d71826a3
b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 65233
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 61798
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:14:23 GMT
age: 63708
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
200 OK 0 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
IP
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 18 Oct 2022 18:00:27 GMT
server: AmazonS3
content-encoding: gzip
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: W/"b9d3ed57df0497e021c8ad0c049aa136"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gz8nmjcQeKPiqsgBuZByYzYXlHdq3mGGZ7JCYHcyVf8mxP9rumBKJw==
age: 32072
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
200 OK 0 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css
IP
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/03a2f250c19db9fd62bacac660640af3.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:34 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: W/"85f5243aa29794da8e981c44feae0346"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KMMn4j2CqyNV-DemHuTnrhLSGkm9lE7iuclY2bH3QmQcXRlLdYYFfw==
age: 19821
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js
200 OK 0 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js
IP
Analyzer Verdict Alert fortinet Phishing
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/b381167682fc24f7d21b80139356c31d.static.js HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:36.000Z
last-modified: Fri, 13 May 2022 18:57:20 GMT
server: AmazonS3
content-encoding: br
date: Fri, 27 Jan 2023 23:17:33 GMT
etag: W/"c9f5aeeca3ad37bf2aa006139b935f0a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gqfN3KARf1d8YjY6W6VNID8DoW2gDLk1xw0o74C1oRBqC4JZU3p1Nw==
age: 59917
X-Firefox-Spdy: h2
shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wn09duq7ldm1jn7m23d9ok3q&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&sw=/sw-check-permissions-a7c35.js
200 OK 0 B URL HTTP/2 shaumtol.com/pfe/current/micro.tag.min.js?z=4492922&ymid=wn09duq7ldm1jn7m23d9ok3q&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&sw=/sw-check-permissions-a7c35.js
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /pfe/current/micro.tag.min.js?z=4492922&ymid=wn09duq7ldm1jn7m23d9ok3q&var=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&sw=/sw-check-permissions-a7c35.js HTTP/1.1
Host: shaumtol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 15:56:10 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-a083"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css
200 OK 0 B URL HTTP/2 thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css
IP
GET /Campaign/Casino/Canada-EN/Casino-14-TY-3/ae50ba77acae77ced1d303cb70026f9b.static.css HTTP/1.1
Host: thebetterdealss.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thebetterdealss.com/Campaign/Casino/Canada-EN/Casino-14-TY-3/index.html?campaign.name=CPL%20-%20Phase%20I%20%28WL%29%28CPA%29%282%29&lander.name=Casino-14-TY-3&clickid=wn09duq7ldm1jn7m23d9ok3q&source=a4357edf-2fdd-4c0c-ae4b-fe2e188219c3&city=Oslo&brand=Desktop&zoneid=&bannerid=&trafficsource.name=PropellerAds
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
x-amz-meta-origin-date-iso8601: 2021-10-10T13:09:38.000Z
last-modified: Fri, 13 May 2022 18:57:31 GMT
server: AmazonS3
content-encoding: br
date: Sat, 28 Jan 2023 15:56:09 GMT
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RG9m_ikWSPW4VV0C-rBopFV4G8Y44wFCnEzayTSRxn2D796UAuAcug==
age: 19821
X-Firefox-Spdy: h2
18.184.38.55
35.241.9.150
139.45.195.8
23.36.76.226
104.17.25.14