Overview

URL: continuetosite.com/go/79f13ba6-6690-46ad-b3be-7f436030d49d
IP: 3.70.16.242 (Germany)
ASN: #16509 AMAZON-02
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-08 22:21:37 UTC
IDS alerts: 0
Blocklist alerts: 6
urlquery alerts: No alerts detected
Tags: None

Domain Summary (11)

Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (1) 1631 2017-09-01 03:40:57 UTC 2022-12-08 15:50:00 UTC 34.120.237.76
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-12-08 17:21:04 UTC 34.160.144.191
ocsp.r2m02.amazontrust.com (1) 0 2022-10-12 14:01:39 UTC 2022-12-08 16:56:37 UTC 54.230.80.227 Domain (amazontrust.com) ranked at: 581
officialwinner.xyz (20) 0 2022-10-26 10:16:17 UTC 2022-12-08 06:05:27 UTC 54.230.111.99 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-12-08 17:20:00 UTC 44.237.93.5
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-12-08 17:15:52 UTC 93.184.220.29
desekansr.com (2) 0 2022-05-12 08:00:20 UTC 2022-12-08 00:03:51 UTC 139.45.197.250 Unknown ranking
continuetosite.com (1) 0 2015-12-31 07:14:09 UTC 2022-12-08 06:05:26 UTC 3.70.16.242 Unknown ranking
r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-12-08 17:12:06 UTC 23.36.77.32
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2022-12-08 17:12:32 UTC 35.241.9.150
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-08 17:14:01 UTC 34.117.237.239

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-08 2 continuetosite.com/go/79f13ba6-6690-46ad-b3be-7f436030d49d Phishing
2022-12-08 2 officialwinner.xyz/1/prizewheel/iphone13/ar-tn/js/app%EF%B9%96id=15b1bae461 (...) Phishing
2022-12-08 2 officialwinner.xyz/1/prizewheel/iphone13/ar-tn/js/landers/prizewheel-fb/app (...) Phishing
2022-12-08 2 officialwinner.xyz/1/prizewheel/iphone13/ar-tn/img/fb-like.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-08 2 desekansr.com Sinkholed
2022-12-08 2 desekansr.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 3.70.16.242
Date UQ / IDS / BL URL IP
2023-02-09 03:44:36 +0000 0 - 0 - 12 hdlgi.bemobtrcks.com/go/497d30cd-bd73-4086-af (...) 3.70.16.242
2023-02-08 23:27:03 +0000 0 - 0 - 7 rezuke.gooredirect.xyz/go/ab47911e-a1b8-4981- (...) 3.70.16.242
2023-02-08 23:20:06 +0000 0 - 1 - 5 3gpoq.bemobtrcks.com/go/ff3035df-f12f-4e6d-85 (...) 3.70.16.242
2023-02-08 23:14:00 +0000 1 - 0 - 7 continuetosite.com/go/ea61948c-60da-4b74-9c68 (...) 3.70.16.242
2023-02-08 22:42:23 +0000 0 - 0 - 17 www.mediacdnc.com/go/76e6479b-fa1e-46b9-97fb- (...) 3.70.16.242


Last 5 reports on ASN: AMAZON-02
Date UQ / IDS / BL URL IP
2023-02-09 03:45:15 +0000 0 - 2 - 0 www.eduhubspot.com/course-details/pmp 52.41.106.117
2023-02-09 03:45:15 +0000 0 - 6 - 0 eduhubspot.com/landing/pmp-most-important-test 52.41.106.117
2023-02-09 03:45:00 +0000 0 - 1 - 0 isbn.cloud/9786074503722/estadistica-aplicada (...) 54.230.111.111
2023-02-09 03:44:56 +0000 0 - 2 - 0 cdn-usw002.manage.trellix.com/Software/Curren (...) 54.230.111.107
2023-02-09 03:44:36 +0000 0 - 0 - 12 hdlgi.bemobtrcks.com/go/497d30cd-bd73-4086-af (...) 3.70.16.242


Last 5 reports on domain: continuetosite.com
Date UQ / IDS / BL URL IP
2023-02-08 23:14:00 +0000 1 - 0 - 7 continuetosite.com/go/ea61948c-60da-4b74-9c68 (...) 3.70.16.242
2023-02-08 10:06:15 +0000 0 - 0 - 6 continuetosite.com/go/700d09ea-2016-43ad-bc73 (...) 3.70.16.242
2023-02-06 08:19:29 +0000 0 - 0 - 6 continuetosite.com/go/a16600a5-f5f1-4495-bda2 (...) 3.70.16.242
2023-02-05 16:11:43 +0000 0 - 0 - 1 continuetosite.com/go/629238ce-944c-4dbb-ae32 (...) 3.70.16.242
2023-02-04 12:05:47 +0000 0 - 0 - 7 continuetosite.com/go/0b293498-a69b-4e7b-98e7 (...) 3.70.16.242


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-08 22:21:54 +0000 0 - 0 - 4 officialwinner.xyz/1/prizewheel/iphone13/ar-t (...) 54.230.111.9
2022-10-07 07:34:01 +0000 6 - 0 - 14 continuetosite.com/go/79f13ba6-6690-46ad-b3be (...) 3.70.16.242
2022-09-05 11:57:21 +0000 6 - 0 - 4 continuetosite.com/go/0bcf1e69-a729-40ac-aaed (...) 3.70.16.242
2022-09-04 21:12:31 +0000 7 - 0 - 4 continuetosite.com/go/ec7f0919-ffd0-4cc6-83b3 (...) 3.70.16.242
2022-09-03 21:06:50 +0000 7 - 0 - 4 continuetosite.com/go/f59e1f67-bea7-4aa5-b441 (...) 3.70.16.242

JavaScript

Executed Scripts (11)

Executed Evals (1)
#1 JavaScript::Eval (size: 79) - SHA256: 9c75068cadfb178e648b96e373c472f5cb67a50752364b46684bfd5a6ceb25c5
(() => {
    const a = async
    function name() {};
    window['utdrhvvbpb'] = true;
})()

Executed Writes (2)
#1 JavaScript::Write (size: 0) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
#2 JavaScript::Write (size: 79) - SHA256: 5c0f4cc1e7ed997c71e2382e10aaaf35e614105d8549cf1b9591f2dd2f9624cc
< a href = "https://continuetosite.com/click"
class = "step__button" > '7D( ,' & 2 * C < /a>


HTTP Transactions (38)


Request:
GET /go/79f13ba6-6690-46ad-b3be-7f436030d49d HTTP/1.1
Host: continuetosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response from 3.70.16.242:
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Server: openresty
Date: Thu, 08 Dec 2022 22:21:26 GMT
Content-Length: 470
Connection: keep-alive
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced
Access-Control-Allow-Origin: *
Location: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Set-Cookie: bemob-uniq-visit:79f13ba6-6690-46ad-b3be-7f436030d49d=1; Domain=continuetosite.com; Path=/; Expires=Fri, 09 Dec 2022 22:21:26 GMT; HttpOnly
Set-Cookie: bemob-rotation:79f13ba6-6690-46ad-b3be-7f436030d49d:random:ca5cbbbd92dd6713911d4fca3b88c62f=0-0-0; Domain=continuetosite.com; Path=/; Expires=Fri, 09 Dec 2022 22:21:26 GMT; HttpOnly
Set-Cookie: bemob-track-url=https%3A%2F%2Fofficialwinner.xyz%2F1%2Fprizewheel%2Fiphone13%2Far-tn%2Findex.html%3Fdomain%3Dcontinuetosite.com%26brand%3D%26bemobdata%3Dc%253D79f13ba6-6690-46ad-b3be-7f436030d49d..l%253Db382e87f-e469-4514-a3d5-af16039eb6e2..a%253D0..b%253D0; Domain=continuetosite.com; Path=/; Expires=Fri, 09 Dec 2022 22:21:26 GMT; HttpOnly
Vary: Accept
X-Response-Time: 8.838ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (470), with no line terminators
Size:   470
Md5:    2e4c641769f5d65449db791d91005a2a
Sha1:   efd4b7e5dd6cd45688ba6a050b74dfaea4b23ecd
Sha256: 789c919cc3f20ec464aa05102e6103712dab07fee6c59ee7a2bd098736100208

Alerts:
  Blocklists:
    - fortinet: Phishing

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12986
Expires: Fri, 09 Dec 2022 01:57:53 GMT
Date: Thu, 08 Dec 2022 22:21:27 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11060
Expires: Fri, 09 Dec 2022 01:25:47 GMT
Date: Thu, 08 Dec 2022 22:21:27 GMT
Connection: keep-alive

Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 35.241.9.150:
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 22:08:14 GMT
age: 793
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bf0c602d32b3c14606f22a86183b5e3c
Sha1:   6eabd8d83475eba731968abe1a05a8bfd272f160
Sha256: 6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F542579E3A3577A646BABDE862282C2AFDA6ED784360A915143216100F7A3D91"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5226
Expires: Thu, 08 Dec 2022 23:48:33 GMT
Date: Thu, 08 Dec 2022 22:21:27 GMT
Connection: keep-alive

Request:
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 34.160.144.191:
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: 4g6IQCWliryShscOpVG02UEqMzF6H0azP4OnuoAM+HdkHImrx8ZWOraLlLA7KVxSYDAv3x2kQCI=
x-amz-request-id: TTPJCVP4HQTZFY4P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 21:48:04 GMT
age: 2003
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 34.117.237.239:
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Thu, 08 Dec 2022 22:21:27 GMT
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 35.241.9.150:
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 22:07:58 GMT
age: 809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3549
Cache-Control: 'max-age=158059'
Date: Thu, 08 Dec 2022 22:21:27 GMT
Last-Modified: Thu, 08 Dec 2022 21:22:18 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

Request:
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 54.230.80.227:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110734
Date: Thu, 08 Dec 2022 22:21:27 GMT
Etag: "639170f5-1d7"
Expires: Sat, 10 Dec 2022 05:07:01 GMT
Last-Modified: Thu, 08 Dec 2022 05:07:01 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UQsR0rEjZCDtxnegcCVdRh2BNJ4BtrqmqDS4NaP4oISe_lt1sXj1Mg==

Request:
GET /1/prizewheel/iphone13/ar-tn/img/landers/prizewheel-fb/loader.gif HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: image/gif
content-length: 5083
date: Thu, 08 Dec 2022 09:29:43 GMT
last-modified: Wed, 16 Nov 2022 08:56:14 GMT
etag: "ed786659a534e0d183c09a90c50abc9d"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hgmZwCggz_MegxZ2kW7HfcKq1uPf0g_koUmxG-AP-aDCgH8b2Fynsw==
age: 46306
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 50; data
Size:   5083
Md5:    ed786659a534e0d183c09a90c50abc9d
Sha1:   a6c3d90bfaa86a7cda490bc5d04c8939c31a414e
Sha256: cbaeb154dcb93bff5f6e382cede5d51a11175a2295e56bb2790611910280ba97

Request:
GET /1/prizewheel/iphone13/ar-tn/img/landers/prizewheel-fb/prizewheel_spinner.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: image/jpeg
content-length: 32496
last-modified: Wed, 16 Nov 2022 08:56:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 15:18:46 GMT
etag: "d4655cba21d806e849eed4e4119fbe1a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GSkyorHHXeh-QhoMedcimYr5rUtXnvn0pzwmCe8y92dxZY65BWzdjg==
age: 25362
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1002x1002, components 3; data
Size:   32496
Md5:    d4655cba21d806e849eed4e4119fbe1a
Sha1:   6453039d85005643e9d65074ca022f63b5d47cdd
Sha256: 90f2363aaebaf03f06fb20c6c02fb2e97497d7cd54b611281303ce7e10335ee7

Request:
GET /1/prizewheel/iphone13/ar-tn/js/app%EF%B9%96id=15b1bae461854d516179.js HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: application/javascript
content-length: 977
last-modified: Wed, 16 Nov 2022 08:56:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 14:35:29 GMT
etag: "15b1bae461854d516179a34a8c9b5f08"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xGpf2J3KjQy0C0rNtJVpzP3QzuJdTsxV2gNxQDmcpw08MXxN-sJRgw==
age: 27960
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (977), with no line terminators
Size:   977
Md5:    15b1bae461854d516179a34a8c9b5f08
Sha1:   330c1d191253fe07c5fe6b5af37872408f2e5904
Sha256: 1bd25e467ea078265aee433e0cf9732a7e127514304634590a2de17fb2330896

Alerts:
  Blocklists:
    - fortinet: Phishing

Request:
GET /1/prizewheel/iphone13/ar-tn/css/app%EF%B9%96id=c588c17324f2be0e0ec9.css HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: text/css
content-length: 33
last-modified: Wed, 16 Nov 2022 08:56:14 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 15:18:39 GMT
etag: "c588c17324f2be0e0ec90a18f39e7d7c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Yspy7C4194zGZmNPkVLpawH0Wnbj77DbItN7Mmx6ht58CwgPuaYUYQ==
age: 25370
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   33
Md5:    c588c17324f2be0e0ec90a18f39e7d7c
Sha1:   69d360eddd15f527aac7f7e610346517732b7770
Sha256: b83e8830b6b2f1253a78f90191cf1087e8fd7638831fd4c1376a7a6029297240

Request:
GET /1/prizewheel/iphone13/ar-tn/img/prizes/iphone-12-pro-max/default@0.5x.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: image/png
content-length: 32266
last-modified: Wed, 16 Nov 2022 08:56:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 15:18:41 GMT
etag: "c562f63263ffff2688791c38014b36bc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jUTTTICnB5hGFESgzfRq7OSpN_4K3-6_ZltfSveF7mwvQSikB8Sb0Q==
age: 25368
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced; data
Size:   32266
Md5:    c562f63263ffff2688791c38014b36bc
Sha1:   59fe19592cb3f6a2709c418026f0a1ddb12c1314
Sha256: c331ce815fcd0ed99bc592c082eed6e51efd0f107d2ae967021d0273def59ae8

Request:
GET /1/prizewheel/iphone13/ar-tn/img/landers/prizewheel-fb/notification.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

Response from 54.230.111.99:
HTTP/2 200 OK
content-type: image/png
content-length: 449
last-modified: Wed, 16 Nov 2022 08:56:14 GMT
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Dec 2022 15:18:41 GMT
etag: "bd5203f2cc9e7a9125e4575e029541b0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RS-TLIxcXGii-JelC-mPLT2tFHOflmKbOvy_eONWatVsyVuiDqdwBw==
age: 25368
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 30 x 28, 8-bit colormap, non-interlaced; data
Size:   449
Md5:    bd5203f2cc9e7a9125e4575e029541b0
Sha1:   9fa565ab2f4b55da4735b79e529562252b3c9afe
Sha256: db94c8ae725f947f20e12df29e6b6c8ade5ffcd5a7dc9ffd9be0351d963f826f

Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ELbGz0I6OjaWN/Cj1NfRqw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response from 44.237.93.5:
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jDpuehTN+ccTp9lTT0XOv6Mxpgw=

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "51742B7CBEDC79E5F46198EB3CC0F7865946FDE2A7D8C7D665B2FDDCF96B41C3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7973
Expires: Fri, 09 Dec 2022 00:34:21 GMT
Date: Thu, 08 Dec 2022 22:21:28 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9330
Expires: Fri, 09 Dec 2022 00:56:59 GMT
Date: Thu, 08 Dec 2022 22:21:29 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9330
Expires: Fri, 09 Dec 2022 00:56:59 GMT
Date: Thu, 08 Dec 2022 22:21:29 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.77.32:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9330
Expires: Fri, 09 Dec 2022 00:56:59 GMT
Date: Thu, 08 Dec 2022 22:21:29 GMT
Connection: keep-alive

Request:
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/female/5@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WxDz6Bh64vV9iFnlF4Wa6NXUjbRYcj0UYoh4i8D3Bka_35uVbSIGfg==
X-Firefox-Spdy: h2

                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/female/1@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: apWhW0rWHcQ3PqlnQmDYcvOSrY0y2N9jtxJmT1rvGccZyuQklidVNQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4292
Md5:    4dc3de40c6acd0a0205c0ec8fd8de437
Sha1:   b2105620a6c8f9119d74c75d0610c9265ea7f1aa
Sha256: 10d56208889390278e78fa0f4bad1a17ef7b036b35c97acf58300a3e4b254069
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/male/2@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:27 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ody1Y6Wo2YvVkTu2Y1rFOAQtPs6hUPCAbiWj-Rc0gPil4k9KYvEZDQ==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3273
Md5:    318411187e4acb1abaf5aef42ea1f937
Sha1:   19180669cab185f8ee8ec3dd1e233ad29ed88d65
Sha256: 6ce6d77b9822a927e3b45168df8725bf7342db32c15c3b6704c1efd633a599da
                                        
GET /pfe/current/micro.tag.min.js?z=5378963&sw=/sw-check-permissions-f40a4.js HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 08 Dec 2022 22:21:28 GMT
last-modified: Thu, 01 Dec 2022 15:42:46 GMT
etag: W/"6388cb76-9a87"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   21886
Md5:    54e781ede8777ec2f45e61772c586fec
Sha1:   30c1b4605c107c10ea83f552d8abb3d44ce546b7
Sha256: 40ed7179ed37649a8990a0d8d6b4f2ea8cc2c1285aa361f5bf4509c8136ff617

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f3c5738-c186-4a1f-a431-33143797bcd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8345
x-amzn-requestid: b1cf2094-2cf5-4e19-9ed7-4d7e220c93cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czUoREPoIAMF4hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391349b-1b78fe0a155179643ae2aeed;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 00:49:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: YMFI6I2o0A4rGZTluooPsDLGNRRY9kSAfDAFrwzXhIG4HC_W-hFIoQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 11:31:33 GMT
age: 38996
etag: "4792b0893827924e84cc51450012407717da4d2b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8345
Md5:    659b6eb1f1c430e2780758c7787b9a23
Sha1:   4792b0893827924e84cc51450012407717da4d2b
Sha256: f14393b6bcc036fa9ed61114944ebb25192adfec72c09807eb7948a88c790d69
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/male/10@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Ht5qD_PhkdnY_WSAafYIgzfwEjml802ZARgn6KryuT8reZQJNzMrzA==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   8174
Md5:    f5637544096cc2eb0880536ff8cb36c3
Sha1:   9c9ee44928986529c77881ad3598d4a87b568e39
Sha256: e9fc9c49d44e6f38e8a36b15e5d9a8b0124ab740961ce34db5f7dfe18a3b446e
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/male/9@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RJ6-Nz1GSW80G6aUfBUWqlE5lLhgN4v2J64FvPxxNGjTbpECETj8Bw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5431
Md5:    a108e3d7bb972eb4fe0ba55248dc5670
Sha1:   af8055472f2e86e3f864bdae38ea0fcbb6187a2d
Sha256: 92524529fb8e07e3f6b777847f5588ec19cd4612cdf50bf089253de7d011add6
                                        
POST /zone?&pub=0&zone_id=5378963&is_mobile=false&domain=officialwinner.xyz&var=&ymid=&var_3=&dsig=&action=prerequest HTTP/1.1
Host: desekansr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://officialwinner.xyz
Connection: keep-alive
Referer: https://officialwinner.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

139.45.197.250
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 22:21:36 GMT
content-length: 0
x-trace-id: c42a06956f50674fce58e9572b292a11
access-control-allow-origin: https://officialwinner.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /1/prizewheel/iphone13/ar-tn/img/prizes/iphone-12-pro-max/proof.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:27 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mnaqIfcxJyYuDRFaHS9jEIGvDQ_ID_oSMyawd8ycorwGL9zKwPWw1w==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/male/3@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _IlDy8ckyv9UmRZdVO4029fLFpebAM7QDGN9Htgkw9aKPGKruTNINg==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0 HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

54.230.111.99
HTTP/2 200 OK
content-type: text/html
date: Thu, 08 Dec 2022 15:37:52 GMT
last-modified: Wed, 16 Nov 2022 08:56:15 GMT
etag: W/"0336ab3981a87eb98b31eecf78d6195f"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: n6I6K2cOl5Yn4f8nBVSKtURWzky6wcKjekHyzATYYjq0N1CpEty-GQ==
age: 24216
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/css/landers/prizewheel-fb/app%EF%B9%96id=cd41123a11e97e0f2444.css HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 16 Nov 2022 08:56:14 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 08 Dec 2022 19:41:40 GMT
etag: W/"cd41123a11e97e0f2444b57d180631a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1FORMCegrWjV8Kdl2zNkYlCsGRBNClBxfCAG5W8qzVRhhGWIGweNOw==
age: 9589
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/female/3@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wS6XX1ISuVYqNvLGVFTc2tw7rnvc3sbtTebwidedOHSzYTzCs_MIeQ==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/js/landers/prizewheel-fb/app%EF%B9%96id=c3c399d8b44b50eee3e6.js HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 16 Nov 2022 08:56:15 GMT
server: AmazonS3
content-encoding: br
date: Thu, 08 Dec 2022 03:35:52 GMT
etag: W/"cdf97653c213f02233f50a1ec975633c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zWgmd588MWvLCLs-xW2-HUXb0Gl08_fmowArAcvf4HQnWBHv9ZpbUw==
age: 67537
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /1/prizewheel/iphone13/ar-tn/img/profiles/mena/female/6@0.25x.jpg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VV8SjrJarXlKQLBPl70TKnlBfpOyCLhhMqOD5Saw8mPBV90IDw2uCA==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /1/prizewheel/iphone13/ar-tn/img/fb-like.svg HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PFAzG30E708gdHSQTLxEvOttVcwd1IB1J2Qi6IYWyBL9MMrzRSjMTQ==
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /1/prizewheel/iphone13/ar-tn/img/landers/prizewheel-fb/prizewheel_static.png HTTP/1.1
Host: officialwinner.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://officialwinner.xyz/1/prizewheel/iphone13/ar-tn/index.html?domain=continuetosite.com&brand=&bemobdata=c%3D79f13ba6-6690-46ad-b3be-7f436030d49d..l%3Db382e87f-e469-4514-a3d5-af16039eb6e2..a%3D0..b%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

54.230.111.99
HTTP/2 403 Forbidden
content-type: application/xml
date: Thu, 08 Dec 2022 22:21:28 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kzqWiX6dBc3d3a_0V5QO-IEqXh9YOJ4cEU6ljaTz8ZDDE_bQSLnVlA==
X-Firefox-Spdy: h2


--- Additional Info ---