urlscan.io logo urlscan.io
SecurityTrails logo

get.bestlifeoffers2023.com Open in urlscan Pro
67.212.184.150  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.ownedcore.com/forums/redirect-to/?redirect=http://[0000:0000:0000:0000:0000:ffff:3272:b702]/TuAJKJxRMJAB.jspf?...
Effective URL: https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069
Submission: On July 06 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 10 domains to perform 14 HTTP transactions. The main IP is 67.212.184.150, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is get.bestlifeoffers2023.com.
TLS certificate: Issued by R3 on May 15th 2023. Valid for: 3 months.
This is the only time get.bestlifeoffers2023.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 ::ffff:3272:b702 ()
1 209.236.123.242 30277 (DFW-DATAC...)
1 4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 67.212.184.146 32475 (SINGLEHOP...)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 185.155.184.98 5398 (AS5398)
1 2 104.248.199.138 14061 (DIGITALOC...)
1 2 45.77.230.212 20473 (AS-CHOOPA)
2 67.212.184.150 32475 (SINGLEHOP...)
14 8
1    2606:4700:20::681a:4e8 (United States)

ASN13335 (CLOUDFLARENET, US)
www.ownedcore.com
1    ::ffff:3272:b702 (Guayaquil, Ecuador)

ASN- ()
::ffff:3272:b702
1    209.236.123.242 (United States)

ASN30277 (DFW-DATACENTER, US)
PTR: 209.236.123.242
peepshowdrifter.com
4    2606:4700:3031::ac43:92ee (United States)

ASN13335 (CLOUDFLARENET, US)
lynku.jukminung.com
1    2606:4700:3035::ac43:9efb (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.addlnk.com
3    67.212.184.146 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
rezi.turetou.com
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
gadbet.homes
2    185.155.184.98 (Switzerland)

ASN5398 (AS5398, CH)
thebestprizes.life
2    104.248.199.138 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: binax-cloud-aodlp9mtvv0x3wcc1yl2.cloud
68.dutynotedot.live
2    45.77.230.212 (Whitechapel, United Kingdom)

ASN20473 (AS-CHOOPA, US)
PTR: 45.77.230.212.vultrusercontent.com
appcloudlink.com
2    67.212.184.150 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
get.bestlifeoffers2023.com
Apex Domain
Subdomains		 Transfer
4 jukminung.com
lynku.jukminung.com
7 KB
3 turetou.com
rezi.turetou.com — Cisco Umbrella Rank: 911551
5 KB
2 bestlifeoffers2023.com
get.bestlifeoffers2023.com
3 KB
2 appcloudlink.com
appcloudlink.com
903 B
2 dutynotedot.live
68.dutynotedot.live
2 KB
2 thebestprizes.life
thebestprizes.life
89 KB
1 gadbet.homes
gadbet.homes
722 B
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 373647
1 KB
1 peepshowdrifter.com
peepshowdrifter.com
450 B
1 ownedcore.com
www.ownedcore.com — Cisco Umbrella Rank: 401647
516 B
14 10
Domain Requested by
4 lynku.jukminung.com 1 redirects peepshowdrifter.com
lynku.jukminung.com
3 rezi.turetou.com lynku.jukminung.com
rezi.turetou.com
2 get.bestlifeoffers2023.com appcloudlink.com
get.bestlifeoffers2023.com
2 appcloudlink.com 1 redirects 68.dutynotedot.live
2 68.dutynotedot.live 1 redirects thebestprizes.life
2 thebestprizes.life rezi.turetou.com
thebestprizes.life
1 gadbet.homes 1 redirects
1 cdn.addlnk.com lynku.jukminung.com
1 peepshowdrifter.com
1 www.ownedcore.com 1 redirects
14 10

This site contains no links.

Subject Issuer Validity Valid
peepshowdrifter.com
Sectigo RSA Domain Validation Secure Server CA		 2022-09-29 -
2023-10-29		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-03-20 -
2024-03-18		 a year crt.sh
addlnk.com
GTS CA 1P5		 2023-06-13 -
2023-09-11		 3 months crt.sh
rezi.turetou.com
R3		 2023-07-03 -
2023-10-01		 3 months crt.sh
thebestprizes.life
R3		 2023-07-01 -
2023-09-29		 3 months crt.sh
*.dutynotedot.live
R3		 2023-07-04 -
2023-10-02		 3 months crt.sh
appcloudlink.com
R3		 2023-06-10 -
2023-09-08		 3 months crt.sh
get.bestlifeoffers2023.com
R3		 2023-05-15 -
2023-08-13		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069
Frame ID: 26D43BCABEF453382BA75753961D049C
Requests: 11 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Frame ID: 94B47DF2AA4369343B44B1910015EFCB
Requests: 2 HTTP requests in this frame

Frame: https://thebestprizes.life/media/mainstream/frame.html
Frame ID: E31B3849C35C6B10E48354A351E13C21
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.ownedcore.com/forums/redirect-to/?redirect=http://[0000:0000:0000:0000:0000:ffff:3272:b702... HTTP 302
    http://[::ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g HTTP 302
    https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-... Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356617611&pubid=690040 Page URL
  3. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream... Page URL
  4. https://rezi.turetou.com/?utm_term=7252521856677183564 Page URL
  5. https://rezi.turetou.com/proc.php?754070f32a4a0ca6adec609e8d2c0603be465dc8 Page URL
  6. https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252521856677183564&sub_id_2=13260 HTTP 302
    https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee Page URL
  7. https://68.dutynotedot.live/iryunplw/article68.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t2~ikgp3olaq4x... Page URL
  8. https://68.dutynotedot.live/web/?sid=t2~ikgp3olaq4xl2fwfsy1sirk2 HTTP 302
    https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8... HTTP 302
    https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%... Page URL
  9. https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=3ff0... Page URL
  10. https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069 Page URL

Page Statistics

14
Requests

93 %
HTTPS

45 %
IPv6

10
Domains

10
Subdomains

8
IPs

5
Countries

107 kB
Transfer

118 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.ownedcore.com/forums/redirect-to/?redirect=http://[0000:0000:0000:0000:0000:ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g HTTP 302
    http://[::ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g HTTP 302
    https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137 Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356617611&pubid=690040 Page URL
  3. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub8fd4095473644e8394a01267dfe8da8f&2=690040 Page URL
  4. https://rezi.turetou.com/?utm_term=7252521856677183564 Page URL
  5. https://rezi.turetou.com/proc.php?754070f32a4a0ca6adec609e8d2c0603be465dc8 Page URL
  6. https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252521856677183564&sub_id_2=13260 HTTP 302
    https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee Page URL
  7. https://68.dutynotedot.live/iryunplw/article68.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t2~ikgp3olaq4xl2fwfsy1sirk2&fp=%2Ffjcj8lMM4zUdhFSyd15%2FnDxbeYaiJJzGELdU9BKa4ke0pfKsZtUn8Z3BiOc39rpT%2FJYG%2Fl5rS8SaBJIAnEwVaNrVCM%2F41Hhimv%2FRYJsIZPT9Yo5Yo7P2QPVAp0ujSecgcfOI121l9R%2FxarvfjCjCAHQhJln0x9QfXuuhX%2FWSVrDViwAama0RQBO6x0tNpzcOz4GpvKjTLAKR32KGy%2BR2IF30IsJoS%2FaCPyLc7G8HaGH0oA2XVWa25OA6KlAvyuuEeaqqqvG6J6IV8%2FfIgiOBhIYZ7aSAREQwWypWvbgnOqEdwsbaf3pWaJFWq2hoYeMt1u7oO2tNumpeEraUshQTJofBRKDYT4GPcCPNSrDpH2u3C6Dx%2BI3b3HOP3oEjK2goC%2F3wq02clPBEhqRJKJQnip1AaTtk%2Fm%2FBQpcDTvb7cVYB%2FQIYklCA2vabIl9kuiwN%2F%2BdeA7CWSdFIJ7HiiqhL8HPDKpJnJnMDQUyhwsZcmHI64ltMTQ422%2BqnPyJ2qEfNKYuuDg4eFhezKnsCOy8Y2GgiZmZkG3SzDHOfxYl659MS8Tx017BE1VfAxFovjrpI73Arc8rmZtWSPFFGoXkbNjEyuOA8yW6N08Kx6oOwQ%2B9uxIhIG0Fi%2FjXLcnHMsKd697GUtT3jOVuT57xisUTgRKEl3mZ6aq57nUbpQKGrEi9T2hB3TgA3qecnfmjH0rOfR5j6JTE57yOMwWclKSPODkKMdrKravcgyw1cN1siviEMxmmrWv6DKUULUpFrhzfmx3BKjUg3IW1kOiaIMzHWyVnmjvQUQpFtwDlxQZolrCvnrhcW%2F%2FIA1KxFsgh%2FK1XAjdNAJdpXol6h3l5EbO6kGEZAu35brYQ3bNL8S2q5kcS5xFzc0YzQnmG5udn1nccc9k5Pu3PqqJOrS6quR75G%2BuW204P0VNDGRgduMkthwmXA3eR%2Bg5Env4aAXUo3AF71Mv8mDfD0T%2BwnFqXCu71J8kjsG8y65JnkCbWXNkrEAEe8qMqHR4WjtOez5tdjUUv9DB%2BoNt%2B2O776vNCNUtHGMFZqPiIf8qRFNC%2F%2BJwY20eZMwvJpRzjGlC53v439a%2FEGHoWJmzqeJLBNVwxUN8o%2FE8lFJJj9%2FR8hmm8HASpzQz90VDI2PNh86swu2Ufavxp1fGhRaxyMYsBm3B7EU14p0evVbmyQ%2F3iSG249O8BmPrMP6LeDFTv6AbMVydRBaPMQNzDp902y5r%2Bi5TuZ95PIiWjVP3Llq3byh7A8Fz%2BkSccFHJxbHGAEWYUb8wRbhi6AlT%2F0VkD0FdUUDWwriml3grF9xurG5CZ%2BXQL%2BoGAEPk8ophteFvENGiSOmWLTSeerUL0P5J1ZW6dnRur6Kd2nXQzzjfQrglG8MKsy88hBKHec%2B1uyyrrwPPsAwEEIwsCXDqW2dzLIuOD5qYjGESPxmwY6JbO4HS7uxLbPcaG36D0bqpj0%2FuSkyAjOwuLIMkPwnZOQXi97mH%2FyZJWvqGFa4cpbEkxna9yJy1j1LOWCij2XO6jpCpkchi0BCRo7rs%2BA%2FOHsU9eSW1T5GRgBc2UYKTBRrZ4VCD1T0L9GVA1N2BjJqyNbUarmHKmJVR0GcH3Detnblg5z27Bzu7W%2Fe1mypmLPmqdP%2ByGiUZ145CGdKNl7ujumqKcOY95cc0u5AWhnfDDCZZ6pWJ0rcoW97dQzr8KEghE71MT1%2BmYq%2FzZ%2FVwAySivVLsJR4ZUobIsTJddKYlxf%2FqAzl7X4hy9dNgacFDwCH2RF2KYOCS0a1XVXHcP5ZF52Oz4QRQKNBW%2FqFvfBIyWGUP0KhE0kCvnSZMp1A1i%2Bx5gpx87v3Ys5NwoQ9RgAxwSUmRElbI4ewf%2FyKaqVG3wfeB8E1psndJzQjy2HsAMyU7Ig5Ku0yj50aV3OErwYAz8T9EWfVDs1fjU162mRnfl%2FiUHQ3O2UBMXwyZ7hBShh95%2F2hCfXt0zDEm8Xhw3UGo9ktPcqwwarT9ZrLeeNIUpz9ZJZeKuhzPDzS45P1PRbC4Qsdt9YoXsyfsUb0U%3D Page URL
  8. https://68.dutynotedot.live/web/?sid=t2~ikgp3olaq4xl2fwfsy1sirk2 HTTP 302
    https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D HTTP 302
    https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D Page URL
  9. https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=3ff0e1e4-1ac5-4eff-9820-b109b40c2d9a&np=1 Page URL
  10. https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.ownedcore.com/forums/redirect-to/?redirect=http://[0000:0000:0000:0000:0000:ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g HTTP 302
  • http://[::ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g HTTP 302
  • https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137
Request Chain 3
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Request Chain 8
  • https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252521856677183564&sub_id_2=13260 HTTP 302
  • https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Request Chain 11
  • https://68.dutynotedot.live/web/?sid=t2~ikgp3olaq4xl2fwfsy1sirk2 HTTP 302
  • https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D HTTP 302
  • https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
617999479_178-162-209-137
peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/
Redirect Chain
  • https://www.ownedcore.com/forums/redirect-to/?redirect=http://[0000:0000:0000:0000:0000:ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g
  • http://[::ffff:3272:b702]/TuAJKJxRMJAB.jspf?a7xvg7.nmmmm96s36p.n.tvp2l.qlf4l.pr.q6v.p1.rd54g.jssj.nmmn0g
  • https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137
137 B
450 B 		Document
General
Check archive.org
Download Go to
Full URL
https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
209.236.123.242 , United States, ASN30277 (DFW-DATACENTER, US),
Reverse DNS
209.236.123.242
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 02:08:50 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 02:08:47 GMT
Location
https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137
Server
Apache
9e8aef8068
lynku.jukminung.com/rc/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356617611&pubid=690040
Requested by
Host: peepshowdrifter.com
URL: https://peepshowdrifter.com/1761256005b41e9f800/35_809345_2765323/2487_4828528_3502406_44/617999479_178-162-209-137
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bcce880aeda19af39c977300e3c83813785c7c7ad97bf4347427af04cba3a80

Request headers

Referer
https://peepshowdrifter.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e244d660f812c7a-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 02:08:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Khiuy09dfjZ5kpAxILoRqVclffG9uXj%2BfwhxJWRJZapkdYkiqxECXO7zQJB69jaifMTcCtnAWnXeCZLZBkbaf0YcbTOdw5f9OYyiQuqhxfDhE9d9B0IEuVlU7RXdN3a0R1mYk3YHAyiAxeoa5i3KFza"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356617611&pubid=690040
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:9efb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 02:08:52 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
72BQ43Z832DMHS8A
age
6796
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
9dqjw3QmoT8lhROeWaK3mEcRPoUKNfvQLfCVyCvCyDnxCOQ1ZkKTnjHgPbqYhL93T/SckF1I+RU=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2B24Fw7zg7eGTEnnm79ike2ZaXjbgBgV6RRU4dlp5Lrst2h847wEllAWQRlAq01Kusb1k0NpTUlRtsisj2qCM0qgmEPv89khH2Disqukfx7VQawV%2BzzqbrguBrAmQyPsDwH0aTor%2Fo3252DlEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7e244d66faa6bbf1-FRA
invisible.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/ Frame 94B4
Redirect Chain
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Protocol
H3
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
851fe25d22789a0b3edbb22fa0775e27d530e5fba912c6566f81688bfc014108
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 02:08:52 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxQu8mrCB8xZkI%2F%2FCBcWxp4wEHey9MlVTVD%2FsemupEhPBdVhq8DsdDMlrF%2Fze2HbZOvO%2FwjbXEq9ZR3TqKOk2EJFp46%2Bi74wGUE%2BZZs%2B9nmuuRqOs8wj5w4WE6ypbvI9z1QO9zRf3IqSLwzj%2BL1hpt5%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7e244d674f36903d-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 06 Jul 2023 02:08:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUwZ4q6OikZkwUaXYg%2BnE8ojZ1uw2clvAHEcox6BdFSDDTn5j8A7%2BAaD8cZ0lE8sR3Qifyebu7ypOeB3xmWk%2BGWW54BtlwADG5ASteg8n2G%2FPHjJ3SShU6PRFMydDpgRqKsvAvznl3d%2F5tYJGX2uUGdt"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
7e244d67285c2c7a-FRA
alt-svc
h3=":443"; ma=86400
7e244d660f812c7a
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 94B4 		0
583 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/7e244d660f812c7a
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 06 Jul 2023 02:08:52 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnUfdmhIvnZ7E9jhZZ44MlLWaOljEw2Mu4VDeu4IEdDV3togmTkMcHXshthCWHj1FnLZKJtPTOwhTsTSPaAumNFVSwnPVsL51f%2FElT5%2FzpFRPQyhgFu2y9mAW76tgeyhXBLgRZS%2FbahrDCySsSWCf%2Buj"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7e244d68cfd9903d-FRA
alt-svc
h3=":443"; ma=86400
/
rezi.turetou.com/ 		1 KB
919 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub8fd4095473644e8394a01267dfe8da8f&2=690040
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356617611&pubid=690040
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 06 Jul 2023 02:08:52 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rezi.turetou.com/?utm_term=7252521856677183564
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
rezi.turetou.com/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_term=7252521856677183564
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub8fd4095473644e8394a01267dfe8da8f&2=690040
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
e3ae784c92e31988c9725afdae7fbbf0ff555d1b2789fdbd284809505cb769e1

Request headers

Referer
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=caf2c4c2&cid=pub8fd4095473644e8394a01267dfe8da8f&2=690040
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 02:08:53 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
proc.php
rezi.turetou.com/ 		1 KB
969 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/proc.php?754070f32a4a0ca6adec609e8d2c0603be465dc8
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_term=7252521856677183564
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Referer
https://rezi.turetou.com/?utm_term=7252521856677183564
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 06 Jul 2023 02:08:53 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252521856677183564&sub_id_2=13260
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
thebestprizes.life/
Redirect Chain
  • https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252521856677183564&sub_id_2=13260
  • https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
88 KB
88 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/proc.php?754070f32a4a0ca6adec609e8d2c0603be465dc8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.98 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software
nginx /
Resource Hash
9167803acbd73b041680b10a6c042dcad11de7597dc8aadb5504883afc012a9c

Request headers

Referer
https://rezi.turetou.com/proc.php?754070f32a4a0ca6adec609e8d2c0603be465dc8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
89782
Content-Type
text/html
Date
Thu, 06 Jul 2023 02:08:54 GMT
Server
nginx
cache-control
private

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
7e244d6dba432c71-FRA
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 02:08:54 GMT
expires
Thu, 21 Jul 1977 07:30:00 GMT
last-modified
Thu, 06 Jul 2023 02:08:53 GMT
location
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQ5m6eRp32%2BoCuEXCRlmH84kvUxgdIHK%2FRd7%2Ff0aRdEbezRHL5SvTkoMkieaFZ0B%2Bsh7II4UWQkWovF90%2B3ZB9L5GmPs%2BnWliH7IPDEnaIINO43LUpl2hL%2Fvqq020xS6LnnBxWM4i3Eho4g%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.0.33
frame.html
thebestprizes.life/media/mainstream/ Frame E31B 		39 B
825 B 		Document
General
Check archive.org
Download Go to
Full URL
https://thebestprizes.life/media/mainstream/frame.html
Requested by
Host: thebestprizes.life
URL: https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.98 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software
nginx /
Resource Hash
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=31536000 no-transform
Connection
keep-alive
Content-Length
39
Content-Security-Policy
block-all-mixed-content
Content-Type
text/html
Date
Thu, 06 Jul 2023 02:08:54 GMT
ETag
"086707e4369f60afedcafb16050a7618"
Expires
Fri, 05 Jul 2024 02:08:54 GMT
Last-Modified
Mon, 20 Feb 2023 09:34:05 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Accept-Encoding
X-Amz-Request-Id
176F24A1912D0475
X-Content-Type-Options
nosniff
X-Xss-Protection
1; mode=block
x-amz-meta-mc-attrs
atime:1676843338#351669788/gid:0/gname:root/mode:33279/mtime:1655387452#842583333/uid:0/uname:root
x-amz-meta-mm-source-mtime
2022-06-16T13:50:52.842583333Z
article68.doc
68.dutynotedot.live/iryunplw/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://68.dutynotedot.live/iryunplw/article68.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t2~ikgp3olaq4xl2fwfsy1sirk2&fp=%2Ffjcj8lMM4zUdhFSyd15%2FnDxbeYaiJJzGELdU9BKa4ke0pfKsZtUn8Z3BiOc39rpT%2FJYG%2Fl5rS8SaBJIAnEwVaNrVCM%2F41Hhimv%2FRYJsIZPT9Yo5Yo7P2QPVAp0ujSecgcfOI121l9R%2FxarvfjCjCAHQhJln0x9QfXuuhX%2FWSVrDViwAama0RQBO6x0tNpzcOz4GpvKjTLAKR32KGy%2BR2IF30IsJoS%2FaCPyLc7G8HaGH0oA2XVWa25OA6KlAvyuuEeaqqqvG6J6IV8%2FfIgiOBhIYZ7aSAREQwWypWvbgnOqEdwsbaf3pWaJFWq2hoYeMt1u7oO2tNumpeEraUshQTJofBRKDYT4GPcCPNSrDpH2u3C6Dx%2BI3b3HOP3oEjK2goC%2F3wq02clPBEhqRJKJQnip1AaTtk%2Fm%2FBQpcDTvb7cVYB%2FQIYklCA2vabIl9kuiwN%2F%2BdeA7CWSdFIJ7HiiqhL8HPDKpJnJnMDQUyhwsZcmHI64ltMTQ422%2BqnPyJ2qEfNKYuuDg4eFhezKnsCOy8Y2GgiZmZkG3SzDHOfxYl659MS8Tx017BE1VfAxFovjrpI73Arc8rmZtWSPFFGoXkbNjEyuOA8yW6N08Kx6oOwQ%2B9uxIhIG0Fi%2FjXLcnHMsKd697GUtT3jOVuT57xisUTgRKEl3mZ6aq57nUbpQKGrEi9T2hB3TgA3qecnfmjH0rOfR5j6JTE57yOMwWclKSPODkKMdrKravcgyw1cN1siviEMxmmrWv6DKUULUpFrhzfmx3BKjUg3IW1kOiaIMzHWyVnmjvQUQpFtwDlxQZolrCvnrhcW%2F%2FIA1KxFsgh%2FK1XAjdNAJdpXol6h3l5EbO6kGEZAu35brYQ3bNL8S2q5kcS5xFzc0YzQnmG5udn1nccc9k5Pu3PqqJOrS6quR75G%2BuW204P0VNDGRgduMkthwmXA3eR%2Bg5Env4aAXUo3AF71Mv8mDfD0T%2BwnFqXCu71J8kjsG8y65JnkCbWXNkrEAEe8qMqHR4WjtOez5tdjUUv9DB%2BoNt%2B2O776vNCNUtHGMFZqPiIf8qRFNC%2F%2BJwY20eZMwvJpRzjGlC53v439a%2FEGHoWJmzqeJLBNVwxUN8o%2FE8lFJJj9%2FR8hmm8HASpzQz90VDI2PNh86swu2Ufavxp1fGhRaxyMYsBm3B7EU14p0evVbmyQ%2F3iSG249O8BmPrMP6LeDFTv6AbMVydRBaPMQNzDp902y5r%2Bi5TuZ95PIiWjVP3Llq3byh7A8Fz%2BkSccFHJxbHGAEWYUb8wRbhi6AlT%2F0VkD0FdUUDWwriml3grF9xurG5CZ%2BXQL%2BoGAEPk8ophteFvENGiSOmWLTSeerUL0P5J1ZW6dnRur6Kd2nXQzzjfQrglG8MKsy88hBKHec%2B1uyyrrwPPsAwEEIwsCXDqW2dzLIuOD5qYjGESPxmwY6JbO4HS7uxLbPcaG36D0bqpj0%2FuSkyAjOwuLIMkPwnZOQXi97mH%2FyZJWvqGFa4cpbEkxna9yJy1j1LOWCij2XO6jpCpkchi0BCRo7rs%2BA%2FOHsU9eSW1T5GRgBc2UYKTBRrZ4VCD1T0L9GVA1N2BjJqyNbUarmHKmJVR0GcH3Detnblg5z27Bzu7W%2Fe1mypmLPmqdP%2ByGiUZ145CGdKNl7ujumqKcOY95cc0u5AWhnfDDCZZ6pWJ0rcoW97dQzr8KEghE71MT1%2BmYq%2FzZ%2FVwAySivVLsJR4ZUobIsTJddKYlxf%2FqAzl7X4hy9dNgacFDwCH2RF2KYOCS0a1XVXHcP5ZF52Oz4QRQKNBW%2FqFvfBIyWGUP0KhE0kCvnSZMp1A1i%2Bx5gpx87v3Ys5NwoQ9RgAxwSUmRElbI4ewf%2FyKaqVG3wfeB8E1psndJzQjy2HsAMyU7Ig5Ku0yj50aV3OErwYAz8T9EWfVDs1fjU162mRnfl%2FiUHQ3O2UBMXwyZ7hBShh95%2F2hCfXt0zDEm8Xhw3UGo9ktPcqwwarT9ZrLeeNIUpz9ZJZeKuhzPDzS45P1PRbC4Qsdt9YoXsyfsUb0U%3D
Requested by
Host: thebestprizes.life
URL: https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.199.138 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
binax-cloud-aodlp9mtvv0x3wcc1yl2.cloud
Software
nginx /
Resource Hash

Request headers

Referer
https://thebestprizes.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
1644
Content-Type
text/html
Date
Thu, 06 Jul 2023 02:08:57 GMT
Server
nginx
cache-control
private
away.php
appcloudlink.com/
Redirect Chain
  • https://68.dutynotedot.live/web/?sid=t2~ikgp3olaq4xl2fwfsy1sirk2
  • https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJF...
  • https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWt...
349 B
489 B 		Document
General
Check archive.org
Download Go to
Full URL
https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D
Requested by
Host: 68.dutynotedot.live
URL: https://68.dutynotedot.live/iryunplw/article68.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t2~ikgp3olaq4xl2fwfsy1sirk2&fp=%2Ffjcj8lMM4zUdhFSyd15%2FnDxbeYaiJJzGELdU9BKa4ke0pfKsZtUn8Z3BiOc39rpT%2FJYG%2Fl5rS8SaBJIAnEwVaNrVCM%2F41Hhimv%2FRYJsIZPT9Yo5Yo7P2QPVAp0ujSecgcfOI121l9R%2FxarvfjCjCAHQhJln0x9QfXuuhX%2FWSVrDViwAama0RQBO6x0tNpzcOz4GpvKjTLAKR32KGy%2BR2IF30IsJoS%2FaCPyLc7G8HaGH0oA2XVWa25OA6KlAvyuuEeaqqqvG6J6IV8%2FfIgiOBhIYZ7aSAREQwWypWvbgnOqEdwsbaf3pWaJFWq2hoYeMt1u7oO2tNumpeEraUshQTJofBRKDYT4GPcCPNSrDpH2u3C6Dx%2BI3b3HOP3oEjK2goC%2F3wq02clPBEhqRJKJQnip1AaTtk%2Fm%2FBQpcDTvb7cVYB%2FQIYklCA2vabIl9kuiwN%2F%2BdeA7CWSdFIJ7HiiqhL8HPDKpJnJnMDQUyhwsZcmHI64ltMTQ422%2BqnPyJ2qEfNKYuuDg4eFhezKnsCOy8Y2GgiZmZkG3SzDHOfxYl659MS8Tx017BE1VfAxFovjrpI73Arc8rmZtWSPFFGoXkbNjEyuOA8yW6N08Kx6oOwQ%2B9uxIhIG0Fi%2FjXLcnHMsKd697GUtT3jOVuT57xisUTgRKEl3mZ6aq57nUbpQKGrEi9T2hB3TgA3qecnfmjH0rOfR5j6JTE57yOMwWclKSPODkKMdrKravcgyw1cN1siviEMxmmrWv6DKUULUpFrhzfmx3BKjUg3IW1kOiaIMzHWyVnmjvQUQpFtwDlxQZolrCvnrhcW%2F%2FIA1KxFsgh%2FK1XAjdNAJdpXol6h3l5EbO6kGEZAu35brYQ3bNL8S2q5kcS5xFzc0YzQnmG5udn1nccc9k5Pu3PqqJOrS6quR75G%2BuW204P0VNDGRgduMkthwmXA3eR%2Bg5Env4aAXUo3AF71Mv8mDfD0T%2BwnFqXCu71J8kjsG8y65JnkCbWXNkrEAEe8qMqHR4WjtOez5tdjUUv9DB%2BoNt%2B2O776vNCNUtHGMFZqPiIf8qRFNC%2F%2BJwY20eZMwvJpRzjGlC53v439a%2FEGHoWJmzqeJLBNVwxUN8o%2FE8lFJJj9%2FR8hmm8HASpzQz90VDI2PNh86swu2Ufavxp1fGhRaxyMYsBm3B7EU14p0evVbmyQ%2F3iSG249O8BmPrMP6LeDFTv6AbMVydRBaPMQNzDp902y5r%2Bi5TuZ95PIiWjVP3Llq3byh7A8Fz%2BkSccFHJxbHGAEWYUb8wRbhi6AlT%2F0VkD0FdUUDWwriml3grF9xurG5CZ%2BXQL%2BoGAEPk8ophteFvENGiSOmWLTSeerUL0P5J1ZW6dnRur6Kd2nXQzzjfQrglG8MKsy88hBKHec%2B1uyyrrwPPsAwEEIwsCXDqW2dzLIuOD5qYjGESPxmwY6JbO4HS7uxLbPcaG36D0bqpj0%2FuSkyAjOwuLIMkPwnZOQXi97mH%2FyZJWvqGFa4cpbEkxna9yJy1j1LOWCij2XO6jpCpkchi0BCRo7rs%2BA%2FOHsU9eSW1T5GRgBc2UYKTBRrZ4VCD1T0L9GVA1N2BjJqyNbUarmHKmJVR0GcH3Detnblg5z27Bzu7W%2Fe1mypmLPmqdP%2ByGiUZ145CGdKNl7ujumqKcOY95cc0u5AWhnfDDCZZ6pWJ0rcoW97dQzr8KEghE71MT1%2BmYq%2FzZ%2FVwAySivVLsJR4ZUobIsTJddKYlxf%2FqAzl7X4hy9dNgacFDwCH2RF2KYOCS0a1XVXHcP5ZF52Oz4QRQKNBW%2FqFvfBIyWGUP0KhE0kCvnSZMp1A1i%2Bx5gpx87v3Ys5NwoQ9RgAxwSUmRElbI4ewf%2FyKaqVG3wfeB8E1psndJzQjy2HsAMyU7Ig5Ku0yj50aV3OErwYAz8T9EWfVDs1fjU162mRnfl%2FiUHQ3O2UBMXwyZ7hBShh95%2F2hCfXt0zDEm8Xhw3UGo9ktPcqwwarT9ZrLeeNIUpz9ZJZeKuhzPDzS45P1PRbC4Qsdt9YoXsyfsUb0U%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.77.230.212 Whitechapel, United Kingdom, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.230.212.vultrusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://68.dutynotedot.live/iryunplw/article68.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t2~ikgp3olaq4xl2fwfsy1sirk2&fp=%2Ffjcj8lMM4zUdhFSyd15%2FnDxbeYaiJJzGELdU9BKa4ke0pfKsZtUn8Z3BiOc39rpT%2FJYG%2Fl5rS8SaBJIAnEwVaNrVCM%2F41Hhimv%2FRYJsIZPT9Yo5Yo7P2QPVAp0ujSecgcfOI121l9R%2FxarvfjCjCAHQhJln0x9QfXuuhX%2FWSVrDViwAama0RQBO6x0tNpzcOz4GpvKjTLAKR32KGy%2BR2IF30IsJoS%2FaCPyLc7G8HaGH0oA2XVWa25OA6KlAvyuuEeaqqqvG6J6IV8%2FfIgiOBhIYZ7aSAREQwWypWvbgnOqEdwsbaf3pWaJFWq2hoYeMt1u7oO2tNumpeEraUshQTJofBRKDYT4GPcCPNSrDpH2u3C6Dx%2BI3b3HOP3oEjK2goC%2F3wq02clPBEhqRJKJQnip1AaTtk%2Fm%2FBQpcDTvb7cVYB%2FQIYklCA2vabIl9kuiwN%2F%2BdeA7CWSdFIJ7HiiqhL8HPDKpJnJnMDQUyhwsZcmHI64ltMTQ422%2BqnPyJ2qEfNKYuuDg4eFhezKnsCOy8Y2GgiZmZkG3SzDHOfxYl659MS8Tx017BE1VfAxFovjrpI73Arc8rmZtWSPFFGoXkbNjEyuOA8yW6N08Kx6oOwQ%2B9uxIhIG0Fi%2FjXLcnHMsKd697GUtT3jOVuT57xisUTgRKEl3mZ6aq57nUbpQKGrEi9T2hB3TgA3qecnfmjH0rOfR5j6JTE57yOMwWclKSPODkKMdrKravcgyw1cN1siviEMxmmrWv6DKUULUpFrhzfmx3BKjUg3IW1kOiaIMzHWyVnmjvQUQpFtwDlxQZolrCvnrhcW%2F%2FIA1KxFsgh%2FK1XAjdNAJdpXol6h3l5EbO6kGEZAu35brYQ3bNL8S2q5kcS5xFzc0YzQnmG5udn1nccc9k5Pu3PqqJOrS6quR75G%2BuW204P0VNDGRgduMkthwmXA3eR%2Bg5Env4aAXUo3AF71Mv8mDfD0T%2BwnFqXCu71J8kjsG8y65JnkCbWXNkrEAEe8qMqHR4WjtOez5tdjUUv9DB%2BoNt%2B2O776vNCNUtHGMFZqPiIf8qRFNC%2F%2BJwY20eZMwvJpRzjGlC53v439a%2FEGHoWJmzqeJLBNVwxUN8o%2FE8lFJJj9%2FR8hmm8HASpzQz90VDI2PNh86swu2Ufavxp1fGhRaxyMYsBm3B7EU14p0evVbmyQ%2F3iSG249O8BmPrMP6LeDFTv6AbMVydRBaPMQNzDp902y5r%2Bi5TuZ95PIiWjVP3Llq3byh7A8Fz%2BkSccFHJxbHGAEWYUb8wRbhi6AlT%2F0VkD0FdUUDWwriml3grF9xurG5CZ%2BXQL%2BoGAEPk8ophteFvENGiSOmWLTSeerUL0P5J1ZW6dnRur6Kd2nXQzzjfQrglG8MKsy88hBKHec%2B1uyyrrwPPsAwEEIwsCXDqW2dzLIuOD5qYjGESPxmwY6JbO4HS7uxLbPcaG36D0bqpj0%2FuSkyAjOwuLIMkPwnZOQXi97mH%2FyZJWvqGFa4cpbEkxna9yJy1j1LOWCij2XO6jpCpkchi0BCRo7rs%2BA%2FOHsU9eSW1T5GRgBc2UYKTBRrZ4VCD1T0L9GVA1N2BjJqyNbUarmHKmJVR0GcH3Detnblg5z27Bzu7W%2Fe1mypmLPmqdP%2ByGiUZ145CGdKNl7ujumqKcOY95cc0u5AWhnfDDCZZ6pWJ0rcoW97dQzr8KEghE71MT1%2BmYq%2FzZ%2FVwAySivVLsJR4ZUobIsTJddKYlxf%2FqAzl7X4hy9dNgacFDwCH2RF2KYOCS0a1XVXHcP5ZF52Oz4QRQKNBW%2FqFvfBIyWGUP0KhE0kCvnSZMp1A1i%2Bx5gpx87v3Ys5NwoQ9RgAxwSUmRElbI4ewf%2FyKaqVG3wfeB8E1psndJzQjy2HsAMyU7Ig5Ku0yj50aV3OErwYAz8T9EWfVDs1fjU162mRnfl%2FiUHQ3O2UBMXwyZ7hBShh95%2F2hCfXt0zDEm8Xhw3UGo9ktPcqwwarT9ZrLeeNIUpz9ZJZeKuhzPDzS45P1PRbC4Qsdt9YoXsyfsUb0U%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 02:08:57 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 02:08:57 GMT
Location
/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D
Server
openresty
Transfer-Encoding
chunked
/
get.bestlifeoffers2023.com/ 		1 KB
937 B 		Document
General
Check archive.org
Download Go to
Full URL
https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=3ff0e1e4-1ac5-4eff-9820-b109b40c2d9a&np=1
Requested by
Host: appcloudlink.com
URL: https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11T8xr3Oy7tQWtVUY%2BJFqgsdyBIyoae%2F6tdxKrJhJhPKt72qNdeSB63bm11tLJGgYM%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 06 Jul 2023 02:08:57 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
Primary Request /
get.bestlifeoffers2023.com/ 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://get.bestlifeoffers2023.com/?utm_term=7252521878152020069
Requested by
Host: get.bestlifeoffers2023.com
URL: https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=3ff0e1e4-1ac5-4eff-9820-b109b40c2d9a&np=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
cf8333d809bdee6c7c0cb3335390746c44705c69f6c99d1e3df777473a780137

Request headers

Referer
https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=3ff0e1e4-1ac5-4eff-9820-b109b40c2d9a&np=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 02:08:58 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

7 Cookies

Domain/Path Name / Value
peepshowdrifter.com/ Name: uid15295
Value: 1356617611-20230705220850-b60a0f07993a53b4eaf67afbd2af9e77-
lynku.jukminung.com/ Name: AWSALB
Value: pkR5CF1aBkp8aHwpBFwjpgyIbqOV543Aqv8N3chausgUy95Bd1QYZWOeFYJPH0/gHjrZmbJwUWOC7RKkeq5L5N2CGyGukWcag9ZTH1EgwLDMigOuUkAyVeIa1Rzw
.jukminung.com/ Name: __cf_bm
Value: yKUnwn4Wql6IETjo1TrwyvY.evtSa8eNazWl4PEYok4-1688609332-0-Ab3OfXTMdpwORo7uz6+IFqFgdUI2likL9MAnE4/mje5y9pKRCqeA4g+xMNDK4MztUg==
.gadbet.homes/ Name: 00831
Value: %7B%22streams%22%3A%7B%2213160%22%3A1688609333%7D%2C%22campaigns%22%3A%7B%2210166%22%3A1688609333%7D%2C%22time%22%3A1688609333%7D
thebestprizes.life/ Name: sid
Value: t2~ikgp3olaq4xl2fwfsy1sirk2
thebestprizes.life/ Name: p1
Value: https://dutynotedot.live/iryunplw/
thebestprizes.life/ Name: s1
Value: dmerknveksfazbop