Report - netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack

Report Overview

URL

netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack
IP

91.223.82.61

ASN

#199968 Iws Networks LLC
Submitted

2022-12-11T14:00:16Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

52

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com (1)	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402	746	142.250.74.106
r3.o.lencr.org (13)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4394	37870	23.36.76.226
img-getpocket.cdn.mozilla.net (5)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2705	32044	34.120.237.76
ocsp.pki.goog (5)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1715	3500	142.250.74.131
s4.histats.com (1)	12782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	639	183	149.56.240.127
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
netcdn.xyz (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	489	564	91.223.82.61
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	44.228.207.167
i0.wp.com (1)	3021	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392	1176	192.0.77.2
track.enigmacdn.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1147	20892	91.223.82.61
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
gaminghelper.co (36)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	36248	275710	91.223.82.61
is3-ssl.mzstatic.com (1)	1658	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	540	13305	184.24.44.26
translate.googleapis.com (1)	1005	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	415	4564	142.250.74.170
s10.histats.com (1)	15211	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361	4699	46.105.201.240
downloadlocked.com (1)	127304	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1086	10923	23.22.126.183
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5843	34.160.144.191
ocsp.digicert.com (4)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1364	2802	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-10	medium	netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack	Tencent
2022-12-10	medium	gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack	Tencent

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-11	medium	netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack	Phishing
2022-12-11	medium	gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack	Phishing
2022-12-11	medium	gaminghelper.co/js/jquery.countTo.js	Phishing
2022-12-11	medium	gaminghelper.co/js/fancySelect.js	Phishing
2022-12-11	medium	gaminghelper.co/js/sweetalert2.min.js	Phishing
2022-12-11	medium	gaminghelper.co/js/validator.min.js	Phishing
2022-12-11	medium	gaminghelper.co/js/com.js	Phishing
2022-12-11	medium	gaminghelper.co/js/form-scripts.js	Phishing
2022-12-11	medium	gaminghelper.co/js/jquery.magnific-popup.min.js	Phishing
2022-12-11	medium	gaminghelper.co/js/sticky.js	Phishing
2022-12-11	medium	gaminghelper.co/js/main.js	Phishing
2022-12-11	medium	gaminghelper.co/fonts/bebasneue_bold-webfont.html	Phishing
2022-12-11	medium	gaminghelper.co/fonts/bebasneue_regular-webfont.html	Phishing
2022-12-11	medium	gaminghelper.co/fonts/et-line.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed
2022-12-11	medium	gaminghelper.co	Sinkholed

HTTP Transactions (78)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

430f1651125c14bfa4924aa1f1a392e9

304141c5fe7ac8b370a67912b2592f9622de9600

315d77a9956f34b1615e38f5f1971dd05146980f8a36b35a8108d47ebba7e8e5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "315D77A9956F34B1615E38F5F1971DD05146980F8A36B35A8108D47EBBA7E8E5"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13714
Expires: Sun, 11 Dec 2022 17:48:39 GMT
Date: Sun, 11 Dec 2022 14:00:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

43ad67f241ee3692a9c9c1da080dae58

6a024f7d71eeee257edc91ba9273416f634aaae5

636635b57f9e6d2ad9b1b949298ee7d3b5b7e251a63516ff68bfb1eceded5688

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "636635B57F9E6D2AD9B1B949298EE7D3B5B7E251A63516FF68BFB1ECEDED5688"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2638
Expires: Sun, 11 Dec 2022 14:44:03 GMT
Date: Sun, 11 Dec 2022 14:00:05 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

b44c4b5daa307a355e7bab1c83c1ca82

dbd14cd873f1dd4502f277b3f51cb7bc8da0c080

fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 11 Dec 2022 13:08:31 GMT
content-type: application/json
age: 3094
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4ee537977be9c03702f8ffe0025bf1fe

21637881c4aa34c4add703f8bff4eff573159f45

4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5541
Expires: Sun, 11 Dec 2022 15:32:26 GMT
Date: Sun, 11 Dec 2022 14:00:05 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: uZ/7UQoy9IAc2cZqRNtFRaOaZqwXZ6wAxwhabet/Z/pKsy7kBtYgEA15oVwBfg8FcqEeWgvzdDU=
x-amz-request-id: WV0K0ZBGW4H74SVX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 11 Dec 2022 13:49:13 GMT
age: 652
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e7537e8fe1484b46239714c778c10897

b30e79f8f2e805606e9e210e66a7a8fd91f68ea9

281eadb057f541470156ae010bc1dd59525bfd4aa7897b86cfcdfb481a15d9c3

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "281EADB057F541470156AE010BC1DD59525BFD4AA7897B86CFCDFB481A15D9C3"
Last-Modified: Sat, 10 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21541
Expires: Sun, 11 Dec 2022 19:59:07 GMT
Date: Sun, 11 Dec 2022 14:00:06 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 11 Dec 2022 14:00:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack

91.223.82.61

301 Moved Permanently

281

URL HTTP/1.1

netcdn.xyz/app/1330123889/pubg-2021-uc-redeem-code-game-hack
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

281
Hash

6585b39b0e09746abe4b05f273deae6a

c36136503ba5f2c7db7ef3032dcb93afa13999a5

85169a1552993370c30a75cffa82952cc015829b7bb0a9fd08623fdd93ace87b

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing

HTTP Headers

                                        GET /app/1330123889/pubg-2021-uc-redeem-code-game-hack HTTP/1.1
Host: netcdn.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

483074d8959fb1bb143f028fc3096e2a

52df1b72f1ae5a89b72ae46ab64da98c58f24afb

1837dc72fbc35c634a1194c68668a7a3127f640fec56b7eb746b3d9c26fa9c97

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1837DC72FBC35C634A1194C68668A7A3127F640FEC56B7EB746B3D9C26FA9C97"
Last-Modified: Sat, 10 Dec 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18790
Expires: Sun, 11 Dec 2022 19:13:16 GMT
Date: Sun, 11 Dec 2022 14:00:06 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 11 Dec 2022 13:33:16 GMT
age: 1610
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack

91.223.82.61

200 OK

20224

URL HTTP/1.1

gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (14923)

Size

20224
Hash

522a22adb5a3da271f5349b3706c850c

7197afa445715299f2e645fe080c5e02b53cf643

d61f21e06c8a3e32e1e92451497b3381810032efc48598a0e8c5bcdd4aea5595

Detections

Analyzer	Verdict	Alert
openphish	Tencent
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /app/1330123889/pubg-2021-uc-redeem-code-game-hack HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
X-Powered-By: PHP/8.0.8RC1
Content-Encoding: gzip

gaminghelper.co/css/bootstrap.min.css

91.223.82.61

200 OK

19597

URL HTTP/1.1

gaminghelper.co/css/bootstrap.min.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (65371)

Size

19597
Hash

3f142cfc2d7123b31a1e696e0591f27a

834192dbadf2713cd2ff89f50d7ec2f1d4782e54

3421e2383a7c02f24509d2f1294d3099b658d0773f97706b87b832b0b770c0b6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/bootstrap.min.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c104-1d9bb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/magnific-popup.css

91.223.82.61

200 OK

1994

URL HTTP/1.1

gaminghelper.co/css/magnific-popup.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1994
Hash

c0275239cb960b014d780d8105b44d72

8db83ac790988232549a3740ecf04fc199da1ce8

211b79363793093a7a2f1d342768844e938e88156b62293093185a6500ead1cf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/magnific-popup.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c105-1f0a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/animate.css

91.223.82.61

200 OK

4026

URL HTTP/1.1

gaminghelper.co/css/animate.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

4026
Hash

48bc9b81bca18c06ba937cbb880b4cb3

697313edfad185bcca5c7bde18da4a98f93e3adb

b30b4d8565f9af6c8d2cb3839aa09dbccd60ca1a766465d542debade38f45741

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/animate.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c104-10cbc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/jquery.countTo.js

91.223.82.61

200 OK

1125

URL HTTP/1.1

gaminghelper.co/js/jquery.countTo.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1125
Hash

547f5246e091d19af521dee35588e468

4772f3c1e62865ccbbab04abd39e69510c8f5843

67880d8532d95db3e74b7da985ca2fe7c9d9660e3dd125202cebcda96a2007e2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/jquery.countTo.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b3-eb1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/sweetalert2.min.css

91.223.82.61

200 OK

2737

URL HTTP/1.1

gaminghelper.co/css/sweetalert2.min.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (13987), with no line terminators

Size

2737
Hash

1cfac88a4a8e1bc20b811757fb028b40

10427c064f703342d031411a3310e2a5ef2083bc

53976df2ad3ce0c0f2632bb620bbb02d930a5eb943298170e97189f029a0d70d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/sweetalert2.min.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c106-36a3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/style.css

91.223.82.61

200 OK

8520

URL HTTP/1.1

gaminghelper.co/css/style.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (1512)

Size

8520
Hash

4d36bdeba8bb00f4ee280771fddfa689

8dfbed7251f5bb010d5fe8f64e0d60abc3e9fd54

08bb84420272831b8755bc5bd2858bf8a486006a9367b670d826ee516262a2c8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/style.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c106-bd7b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/fancySelect.js

91.223.82.61

200 OK

1661

URL HTTP/1.1

gaminghelper.co/js/fancySelect.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1661
Hash

a60791b5b353371813114e815d946494

69d1f371b0ed899641e640b2649c0914302812bd

5d19375a0386f8ea11115e3145c61105cfa1daca00d15ad54b49c84967f518d0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/fancySelect.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-1a7a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/css/fancySelect.css

91.223.82.61

200 OK

1023

URL HTTP/1.1

gaminghelper.co/css/fancySelect.css
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

1023
Hash

458a1a06f282aa4c457a8b613d6a38e6

b524e1cb32722230e18bc85f414b9a10e43a7e2d

3f41176d4616a36f4325865bb3c0ea652f3616dec60b31bd923df91f600506b2

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /css/fancySelect.css HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:05 GMT
Content-Type: text/css
Last-Modified: Fri, 03 Sep 2021 06:30:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c105-109d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

278

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

278
Hash

2cae2070bb9150b3133d0096cbc0d2ad

f213a505828354b57cc5334d8b9063045f1dc4f9

6194f5b1d16f6746bce736b1b4b37d35d7005751c73112569794cbd92f9d68e7

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1215
Cache-Control: max-age=148893
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Etag: "63958044-116"
Expires: Tue, 13 Dec 2022 07:21:39 GMT
Last-Modified: Sun, 11 Dec 2022 07:01:24 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278

gaminghelper.co/js/sweetalert2.min.js

91.223.82.61

200 OK

6538

URL HTTP/1.1

gaminghelper.co/js/sweetalert2.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (20305), with no line terminators

Size

6538
Hash

b238ef007e57c4c8f9447cba68fdb3a2

2d4ca455aca3fcd8ee7ac2e2883cfa89c87bd532

aeafa1e7bb6a973eac2b4f5462844b1c2d64d53eb2e09e75f265e646320f7080

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/sweetalert2.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b9-4f51"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/validator.min.js

91.223.82.61

200 OK

2094

URL HTTP/1.1

gaminghelper.co/js/validator.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (5862)

Size

2094
Hash

1ab13fa2eeca5d16de99a1cad839416c

0d0a95bd88d04b02d89e1162dd3ebb20b5543dd8

56b8d7fb44f86809b49d416022455ac170fb0b79d1ab4b6e5192a046e660f667

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/validator.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b9-17a7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/com.js

91.223.82.61

200 OK

3265

URL HTTP/1.1

gaminghelper.co/js/com.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

C source, Unicode text, UTF-8 text, with very long lines (2456)

Size

3265
Hash

ecf323c878106fa274f5e9f3b3a82437

86b15826e8a83c81da7ef264dd8e3ff59ef5c1bf

28babf5e232e3dc0985bab21a28eea25b17bc078bafc92a6ba049eefb1e45720

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/com.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-461a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/form-scripts.js

91.223.82.61

200 OK

609

URL HTTP/1.1

gaminghelper.co/js/form-scripts.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text

Size

609
Hash

4fb85eb3b2f0dd8b8f5953c58236da3e

1c9f6c7a15a3248147e056672ffbf4fdbaed6718

3dd0f5e5567c73519dc3eeb98ba6fef9d2b2982af24544ba3d7bbc684d6bae6c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/form-scripts.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b2-5bd"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/jquery.magnific-popup.min.js

91.223.82.61

200 OK

7685

URL HTTP/1.1

gaminghelper.co/js/jquery.magnific-popup.min.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (21014)

Size

7685
Hash

12a9a563724e70a895de0fbd5f7b4ee5

a14c616f532deb9ca2d5fa0de6124d47ea60ab57

f2e1cd5f2953925591288bd1cc3f167bbd392497476119083458e33e9ab87079

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/jquery.magnific-popup.min.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b6-5297"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

gaminghelper.co/js/sticky.js

91.223.82.61

200 OK

URL HTTP/1.1

gaminghelper.co/js/sticky.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/sticky.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Content-Length: 0
Last-Modified: Fri, 03 Sep 2021 06:33:28 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6131c1b8-0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

74d82b5960e5e12af402b01fa10b0829

4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7

328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

74d82b5960e5e12af402b01fa10b0829

4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7

328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

7064f6619ec94ac742915441ddf9be63

07864ef6316dfb3bfd38d602d2c38d237da8e61e

501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

e12bb655426d080117693ba116f398cf

8fe1f7f8d0b191baed2decba3523656da97077f5

2c25ba0d1c806de98d5489934acd8e2f17487e4f7e40c7f0d39094ce49f91b8d

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1657
Cache-Control: max-age=156867
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Etag: "63959db0-1d7"
Expires: Tue, 13 Dec 2022 09:34:33 GMT
Last-Modified: Sun, 11 Dec 2022 09:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

278

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

278
Hash

2cae2070bb9150b3133d0096cbc0d2ad

f213a505828354b57cc5334d8b9063045f1dc4f9

6194f5b1d16f6746bce736b1b4b37d35d7005751c73112569794cbd92f9d68e7

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1215
Cache-Control: max-age=148893
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Etag: "63958044-116"
Expires: Tue, 13 Dec 2022 07:21:39 GMT
Last-Modified: Sun, 11 Dec 2022 07:01:24 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278

gaminghelper.co/js/main.js

91.223.82.61

200 OK

15195

URL HTTP/1.1

gaminghelper.co/js/main.js
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

ASCII text, with very long lines (16162)

Size

15195
Hash

562dc83f2f14b713905fe69a0994e11d

43cd616f9ea8c8c1eb0edccd54a29e2490fcf90a

745ecf708bc71ba73f7071b8a35c3f639ec7f3e05ceb826458a1b6a8fb4fe782

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

                                        GET /js/main.js HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: application/javascript
Last-Modified: Fri, 03 Sep 2021 06:33:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"6131c1b7-a08b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

7064f6619ec94ac742915441ddf9be63

07864ef6316dfb3bfd38d602d2c38d237da8e61e

501f0b2261360de41668fde33f0518321c9335d5e1eab0f4a1014f75e061cca1

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

26851

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

gzip compressed data, max compression\012- data

Size

26851
Hash

30b6a625d187acbe2b3a6cbd6c63ac6a

d81ae98aa6cec84df6c9e05b3f3e18785fdc191f

aebdfd71bbd3b17969a9158c8b9ee7b4b96055042b61876ee951a7815baa825a

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DD03D4E49EEA1C1FEFD81854AC0251E9B2ED2BB07F411C58BD4FFF07ACF7EB2"
Last-Modified: Sat, 10 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6385
Expires: Sun, 11 Dec 2022 15:46:31 GMT
Date: Sun, 11 Dec 2022 14:00:06 GMT
Connection: keep-alive

gaminghelper.co/img/coins2.png

91.223.82.61

200 OK

2061

URL HTTP/1.1

gaminghelper.co/img/coins2.png
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

PNG image data, 31 x 30, 8-bit/color RGBA, non-interlaced\012- data

Size

2061
Hash

de49d679ea1686fa64881f10c0062904

b807f2d9ebb16f59714747732cdcd6944f43c8fe

be338b834d7a7c5b29dbe49c41f50dd84c58f29f651834f46cce86c0fb74ef40

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/coins2.png HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: image/png
Content-Length: 2061
Last-Modified: Fri, 03 Sep 2021 06:31:16 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6131c134-80d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

push.services.mozilla.com/

44.228.207.167

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

44.228.207.167:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jgetqklqZLoMXxKVDxnGeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CcuX/EVarzNxpxnjg6sTyzfg/xU=

gaminghelper.co/img/nbacash2.png

91.223.82.61

200 OK

2338

URL HTTP/1.1

gaminghelper.co/img/nbacash2.png
IP

91.223.82.61:0
ASN

#199968 Iws Networks LLC

Magic

PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced\012- data

Size

2338
Hash

65716506074de00f1059977305013999

6cfae93ba1f8691d07a629a76d12c78173155b46

55fd8d4b5137df77e5c67c4d83ec123a8db2887cf3b58229e07b45568e091829

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /img/nbacash2.png HTTP/1.1
Host: gaminghelper.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/app/1330123889/pubg-2021-uc-redeem-code-game-hack
Cookie: username1Cookie=Abelardo; username2Cookie=Eliano Fallaci; username3Cookie=Jonathan; comment1Cookie=This trick is amazing  Perfect! this is what i am looking for!  1000000  Cash.. c=; comment2Cookie=this is legit website ! thank you.. :D; comment3Cookie=This trick is amazing; _pk_id.1.166e=327bee40d5aa48b4.1670767169.; _pk_ses.1.166e=1; HstCfa4515739=1670767169479; HstCla4515739=1670767169479; HstCmu4515739=1670767169479; HstPn4515739=1; HstPt4515739=1; HstCnv4515739=1; HstCns4515739=1; timePosted11Cookie=151848; timePosted22Cookie=148829; timePosted33Cookie=124610
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sun, 11 Dec 2022 14:00:06 GMT
Content-Type: image/png
Content-Length: 2338
Last-Modified: Fri, 03 Sep 2021 06:31:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6131c146-922"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

ed7907a166fd6c7a92dccb86a3c9a139

dc441721ffda9224db17cdbdc1c262d21adb93fb

32d16e08caf65d54d2f9aa01191ef9d4b2c56a8f3ab3a9b9d42c3691d5b6a1f1

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4730
Cache-Control: max-age=100939
Content-Type: application/ocsp-response
Date: Sun, 11 Dec 2022 14:00:06 GMT
Etag: "6394b737-1d7"
Expires: Mon, 12 Dec 2022 18:02:25 GMT
Last-Modified: Sat, 10 Dec 2022 16:43:35 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

is3-ssl.mzstatic.com/image/thumb/Purple122/v4/fe/f4/d9/fef4d9cb-8982-7df3-5e32-8e739cd9bb9d/AppIcon-1x_U007emarketing-0-0-GLES2_U002c0-512MB-sRGB-0-0-0-85-220-0-0-0-8.png/150x150bb.jpg

184.24.44.26

200 OK

12072

URL HTTP/2

is3-ssl.mzstatic.com/image/thumb/Purple122/v4/fe/f4/d9/fef4d9cb-8982-7df3-5e32-8e739cd9bb9d/AppIcon-1x_U007emarketing-0-0-GLES2_U002c0-512MB-sRGB-0-0-0-85-220-0-0-0-8.png/150x150bb.jpg
IP

184.24.44.26:0
ASN

#16625 AKAMAI-AS

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 150x150, components 3\012- data

Size

12072
Hash

d04e1a439a4c608e95c7c7abbef2d2d9

696197deeceb113114269ca683f61c4112af3656

8ec6e2a4f85bd90fc1262f28db4c81378afe66d2209987f3f2e42654e88e94bd

HTTP Headers

                                        GET /image/thumb/Purple122/v4/fe/f4/d9/fef4d9cb-8982-7df3-5e32-8e739cd9bb9d/AppIcon-1x_U007emarketing-0-0-GLES2_U002c0-512MB-sRGB-0-0-0-85-220-0-0-0-8.png/150x150bb.jpg HTTP/1.1
Host: is3-ssl.mzstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaminghelper.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: daiquiri/3.0.0
content-type: image/jpeg
content-length: 12072
x-apple-jingle-correlation-key: BJQQ6546FAR5DTAKRUS33NWOPA
x-apple-request-uuid: 0a610f77-9e28-23d1-cc0a-8d25bdb6ce78
b3: 0a610f779e2823d1cc0a8d25bdb6ce78-f21dfc07c65d9cf4
x-b3-spanid: f21dfc07c65d9cf4
x-b3-parentspanid: 1dfa0c1cbc2b69a8
apple-seq: 0.0
apple-tk: false
apple-originating-system: UnknownOriginatingSystem
last-modified: Thu, 17 Nov 2022 01:47:12 GMT
etag: "MSwxLjI4LTIySCxWZXJzaW9uIDEyLjEgKEJ1aWxkIDIxQzUyKSwxNjY4NjQ5NjMyNDA2LGlzQnVpbGRWZXJzaW9uTm90U2V0LDc2YWFjMGYwLG5vRWZmZWN0"
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
timing-allow-origin: *
x-b3-traceid: 81236f67caff38d6
strict-transport-security: max-age=31536000; includeSubDomains
x-daiquiri-instance: daiquiri:33624002:pv50p00it-hyhk12033901:7987:22RELEASE148:daiquiri-amp-processing-shared-int-001-pv
cdnuuid: 554c5fe5-493d-428f-a3fb-c9289cbb2515-4532806631
cache-control: no-transform, max-age=13257455
date: Sun, 11 Dec 2022 14:00:06 GMT
x-cache: TCP_HIT from a95-101-11-174.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

#1 JS:Script (size: 0)

#2 JS:Script (size: 6778)

#3 JS:Script (size: 6055)

#4 JS:Script (size: 17946)

#5 JS:Script (size: 76760)

#6 JS:Script (size: 2799)

#7 JS:Script (size: 1469)

#8 JS:Script (size: 20305)

#9 JS:Script (size: 21143)

#10 JS:Script (size: 134)

#11 JS:Script (size: 211667)

#12 JS:Script (size: 84380)

#13 JS:Script (size: 11440)

#14 JS:Script (size: 51)

#15 JS:Script (size: 62256)

#16 JS:Script (size: 41099)

#17 JS:Script (size: 200104)

#18 JS:Script (size: 3761)

#19 JS:Script (size: 22419)

#20 JS:Script (size: 424)

#21 JS:Script (size: 536)

HTTP Transactions (78)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers