promo.botolaquizinwi.ma
18.239.94.18  Malicious Activity! Public Scan

Submitted URL: http://botolaquizinwi.ma/
Effective URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Submission: On May 21 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 24 HTTP transactions. The main IP is 18.239.94.18, located in United States and belongs to AMAZON-02, US. The main domain is promo.botolaquizinwi.ma.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 21st 2024. Valid for: a year.
This is the only time promo.botolaquizinwi.ma was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 52.30.116.180 16509 (AMAZON-02)
4 4 18.239.18.16 16509 (AMAZON-02)
1 1 76.223.90.41 16509 (AMAZON-02)
20 18.239.94.18 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:238... 16509 (AMAZON-02)
1 104.18.3.124 13335 (CLOUDFLAR...)
1 18.239.69.11 16509 (AMAZON-02)
24 5

Domain Requested by
20 promo.botolaquizinwi.ma promo.botolaquizinwi.ma
4 www.botolaquizinwi.ma 4 redirects
1 promo.quizbotolainwi.ma
1 notify.clfldcbprotect.com promo.botolaquizinwi.ma
1 ipv.p-secure.net promo.botolaquizinwi.ma
1 www.googletagmanager.com promo.botolaquizinwi.ma
1 gateway.dvpass.io 1 redirects
1 botolaquizinwi.ma 1 redirects
24 8

This site contains links to these domains.

Domain
www.quizbotolainwi.ma
drive.google.com
www.mes-abonnements.ma

Subject | Issuer | Validity | Valid
promo.botolaquizinwi.ma | Amazon RSA 2048 M02 | 2024-02-21 - 2025-03-22 | a year
*.google-analytics.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months
ipv.p-secure.net | Amazon RSA 2048 M03 | 2023-10-20 - 2024-11-17 | a year
clfldcbprotect.com | E1 | 2024-05-07 - 2024-08-05 | 3 months
promo.quizbotolainwi.ma | Amazon RSA 2048 M03 | 2023-09-18 - 2024-10-16 | a year

This page contains 1 frames:

Primary Page: https://promo.botolaquizinwi.ma/lp_quiz_botola
Frame ID: 884A9EE64E735B7DC5547827AA2A43CF
Requests: 24 HTTP requests in this frame

Page Title

Quiz Botola by Inwi

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 25 %
Domains: 6
Subdomains: 8
IPs: 5
Countries: 4
Transfer: 670 kB
Size: 1054 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://botolaquizinwi.ma/ HTTP 307
    https://botolaquizinwi.ma/ HTTP 301
    https://www.botolaquizinwi.ma/ HTTP 302
    http://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35 HTTP 307
    https://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35 HTTP 307
    http://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35 HTTP 302
    http://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed HTTP 307
    https://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed HTTP 302
    https://promo.botolaquizinwi.ma/lp_quiz_botola HTTP 307
    http://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed HTTP 301
    https://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed HTTP 302
    https://promo.botolaquizinwi.ma/lp_quiz_botola Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request lp_quiz_botola
promo.botolaquizinwi.ma/
Redirect Chain
  • http://botolaquizinwi.ma/
  • https://botolaquizinwi.ma/
  • https://www.botolaquizinwi.ma/
  • http://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35
  • https://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35
  • http://gateway.dvpass.io/enrichment.php?service=enrichment&rid=3474927e-bd3a-438b-995d-8e8d761480dd&mno=35
  • http://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed
  • https://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed
  • https://promo.botolaquizinwi.ma/lp_quiz_botola
  • http://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed
  • https://www.botolaquizinwi.ma/?remident_process=ident&remident=1&error_code=80&error_desc=Enrichment+failed
  • https://promo.botolaquizinwi.ma/lp_quiz_botola
196 KB
59 KB
Document
General
Full URL
https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
Apache / Nautilus
Resource Hash
703f015990cb20808a683b25ab9ff8bb249153618d675dd16045a226f90cb6cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; report-uri https://promo.botolaquizinwi.ma/il_reporturi.php?from=csp; report-to csp_endpoint
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
POST, GET
access-control-allow-origin
https://promo.botolaquizinwi.ma
alt-svc
h3=":443"; ma=86400
cache-control
private, no-transform, no-cache, no-store, must-revalidate, max-age=0
content-encoding
br
content-length
58209
content-security-policy
frame-ancestors 'self'; report-uri https://promo.botolaquizinwi.ma/il_reporturi.php?from=csp; report-to csp_endpoint
content-type
text/html;charset=UTF-8
date
Tue, 21 May 2024 01:42:34 GMT
expect-ct
max-age=0, report-uri="https://promo.botolaquizinwi.ma/il_reporturi.php?from=expect_ct"
expires
Tue, 01 Jan 1980 1:00:00 GMT
p3p
CP="CAO PSA OUR"
permissions-policy
document-domain=()
pragma
no-cache
referrer-policy
origin-when-cross-origin
report-to
{"group":"csp_endpoint","max_age":0,"endpoints":[{"url":"https:\/\/promo.botolaquizinwi.ma\/il_reporturi.php?from=csp"}]}
server
Apache
strict-transport-security
max-age=0
vary
Accept-Encoding
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-id
qNeTiAAjaRIVcvLRJ13QufNgMFuh3NPxpK94NFZSAioDrMBTM8Mf-A==
x-amz-cf-pop
AMS1-P3
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-powered-by
Nautilus
x-robots-tag
noindex, follow
x-signature
Stay hungry, stay foolish
x-ua-compatible
IE=edge
x-xss-protection
0

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 21 May 2024 01:42:34 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://promo.botolaquizinwi.ma/lp_quiz_botola
pragma
no-cache
server
Apache
vary
User-Agent
via
1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront)
x-amz-cf-id
R32-5C-7LsamrvuHJspt6yUzQHoB-NdEbVXNXS7SOkj2cKZ2IxbD9g==
x-amz-cf-pop
AMS58-P6
x-cache
Miss from cloudfront
gh7rnghq.js
promo.botolaquizinwi.ma/snp_s/3.15.0/
75 KB
25 KB
Script
General
Full URL
https://promo.botolaquizinwi.ma/snp_s/3.15.0/gh7rnghq.js
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f8e43900ad689a93a0e049c66b7fce5882b244730f4b199d2f3ee99b87aecf31

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 20 May 2024 13:04:47 GMT
content-encoding
gzip
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
last-modified
Wed, 13 Sep 2023 07:50:02 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P3
age
45469
etag
W/"30f85e9a8c7f22b4f059cbb2c3d11d3e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
AthgwpDoQpIhGb0yqbceXlCuB5upjt_8b9nviTSLBHDBaXRv3YJzqQ==
gtm.js
www.googletagmanager.com/
306 KB
98 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M7S4GZX
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e463cba8457dc5f11ac6bd776c67d87d1fc3e07eb3e9a56b313f35e0da28f052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:42:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100335
x-xss-protection
0
last-modified
Tue, 21 May 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 May 2024 01:42:35 GMT
logo.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
23 KB
24 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/logo.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
49221f819839550d733b06c41bcb57bd8cf1f7234172705f6fd9d8b336430886

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
UeZP79jHoJ34vMODBKPsIPYiKdK_H1zQ
date
Tue, 21 May 2024 01:23:46 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
age
1130
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
23999
last-modified
Tue, 16 Nov 2021 16:48:06 GMT
server
AmazonS3
etag
"502b1f69be9f4dd56a8ca363bb28ea95"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
kqfG0PIoZnWVFwnc5st2R92ukxCf1Mvu6u_Y_6D1OPs89rwK2tHthQ==
botola_inwi.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
14 KB
14 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/botola_inwi.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1f0a00a6c01c716dc9c854c5248e443e5865cc962b556e6605cdb3ad0587eee9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
9m2QOUco6QvuP1wP.OgPd8.BhqzgN.Z1
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
14245
last-modified
Tue, 16 Nov 2021 16:48:04 GMT
server
AmazonS3
etag
"ab5ce337cede14d21911c287ece1783d"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
0Dkz4HHAToKnTl57RGY14Ea9lXxwd0TOG4ynR0icQJo6g4WN3whubg==
foot_federation.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
16 KB
17 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/foot_federation.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f90ca0846f50f796347ff88a79575d19634f2c576aea04831f0b0fbbef4e6d76

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
nionluA_AVX6txY2SuAOk9BeMti.kFw6
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
16623
last-modified
Tue, 16 Nov 2021 16:48:05 GMT
server
AmazonS3
etag
"d385c7997c498bf17583abdd6ed8cc5c"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
9j95pW6eCobB6aeT2OXlWmOkUbVCSrr27bCGqEtGzTTMuVrIqt04bQ==
playersi20.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/lp_CAN/
129 KB
130 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/lp_CAN/playersi20.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d64f2906bd87faddb11fd9a7d28e602536c79f3050bd736bf8d3b0af1854b846

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
WCY7.gVbzu5sgFzHHIpVUqhRU7pnYLOD
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
132121
last-modified
Tue, 28 Jun 2022 10:16:10 GMT
server
AmazonS3
etag
"0cf1e5872ac6eadee854b03ac11381c0"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
i_5Z0fQL17DXRTKsTf6EyUlMx52C0cjO3F6xA9dc4Jy-Bs5663UjnQ==
car.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/
4 KB
4 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/car.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37cd99978b6a7e8e2042a062bc8fa1e9ca82f7e8e373604f678954cd1af35fae

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
fo17plVkx9wKPrQg0iGL9j.uM6H9wVzv
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
3963
last-modified
Tue, 16 Nov 2021 16:48:05 GMT
server
AmazonS3
etag
"dc1a0fd03d8e8f0a36480b940f80d033"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
TbJuN6BPqQBggtcX6XNbU36NKKpHLgqVqatv46LPUKITsD1O735RtQ==
gift-card.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/
688 B
1 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/gift-card.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4cd2cae2024379e893635ea253b0c5925ea4753bb2e15da2e78d9715b34dccb2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
gUBCd9.cvNiNon8M7wQiPQKNY8O7Vq1R
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
688
last-modified
Tue, 16 Nov 2021 16:48:05 GMT
server
AmazonS3
etag
"42f6033e5ac43add7f7410d9a03395a2"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
I3KVG-YFNIlsrLlwIq5xps5Rhsgg7nDNA2WWRmzl6zk4mbj_5WRGYw==
priz.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/
828 B
1 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/icons/priz.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad512b33a68e45416ad52088348189715a3a33adb7d931f839f8807191393163

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
ivq7Q929Bnf7Uttu71LGqGxFjOtw7Oi7
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
828
last-modified
Tue, 16 Nov 2021 16:48:06 GMT
server
AmazonS3
etag
"059f9382ba2b2c3f3d26f9cfd87cef86"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
GO_DuFBOYLXYGyN8DH39_wLDXMwKjl6H8afN66Fq6cmckeVmgN1veQ==
logo_BOTOLA-inwi.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/botola/img/
3 KB
4 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/botola/img/logo_BOTOLA-inwi.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
df494d8181c112cdad7bfbae7bdb8b8725b6150e8c4b125971c5ac926d5b10ba

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
YCkH.E1_zMAirRg..PtqV3WpQTEqwJOA
date
Tue, 21 May 2024 01:23:47 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
age
1129
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
3317
last-modified
Fri, 12 Nov 2021 10:33:05 GMT
server
AmazonS3
etag
"d182141206458c8428d5c5193485cfd7"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
SKIG81AsaEPU6kzkERapoDi7Dg9ZofHwN_DpqvBbqRMG5h6zzTbBMA==
logo_TOMBOLA-BOTOLA-by-inwi.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/botola/img/
10 KB
11 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/botola/img/logo_TOMBOLA-BOTOLA-by-inwi.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad873e25470ad006459307fca9874f4e384a8c6ed881caa84aba4f49d2803903

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
wb4PY4IY7DFPz8itaHd0bPHCgKxPhIRh
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
10747
last-modified
Fri, 12 Nov 2021 10:33:05 GMT
server
AmazonS3
etag
"cd2f426a0e72b9f7c38b76d152790d3b"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
X0VFL08mJk9Hj6sR0gEGu243WhbHwvOXnzJB2PSyuCDQMHJAOJPGcg==
c2a_loading.gif
promo.botolaquizinwi.ma/nautilus/templates/common/files/commun/
3 KB
3 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/common/files/commun/c2a_loading.gif
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
67045b2289294c222cbab0dbfd07e0af1a40ba39c4ff6165ea9578e2345385da

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
zD7W9y4baGthU9CSgZZpAHBJxVBuq8sG
date
Tue, 21 May 2024 01:23:46 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
age
1130
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
2892
last-modified
Mon, 28 Jan 2019 14:30:43 GMT
server
AmazonS3
etag
"f5f09658da453dca7d686ad9e5786ada"
vary
Accept-Encoding
content-type
image/gif
cache-control
public
accept-ranges
bytes
x-amz-cf-id
JYne_8YycmlsbxtWwMcbfZUysBRiwbix7MbWiaYbAcT_AsIm8G2CQw==
expires
604800
BG1.jpg
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
71 KB
72 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/BG1.jpg
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d49de8b4d80b3878e980bc169236d095b254525284d60f6ac155b96f558db33a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
C5cVIS9PO8OLTc3Xxp6EKrZxhS1SRs0u
date
Tue, 21 May 2024 01:42:35 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
age
1128
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
72803
last-modified
Tue, 16 Nov 2021 16:48:03 GMT
server
AmazonS3
etag
"ece04fe219fc337fec9983219cf624f5"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
-auaZIQ1IAqmgOHjyOs2ZKuPywflliiv1fWwAvhHVbo4X_n-MACwkA==
arc-one.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
5 KB
6 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/arc-one.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d058523479e7e237fc6998248deb216f2062982bf2d8986fdc5b92bfb85121b2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
L9YeQs.9SsaOjDCh.qbawoaDejgM9ZWt
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
5367
last-modified
Tue, 16 Nov 2021 16:48:04 GMT
server
AmazonS3
etag
"ea3220ddff814b28440bc092fd90f687"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
bc0zC56IKXvsxUxukJnxCeKjVrVANyJZBNbV10LQpfAAJa3xbqigPQ==
arc-form.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
15 KB
15 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/arc-form.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e9c30605dde0bde31111c01849ca2a3258161b329ff589e1d990d61ce1dfc9d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
4BqQXHxyEt0c_Asrf2RhrBunbNcbrwJi
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 1cd1c24523b61d46b093d317bb196d92.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
15077
last-modified
Tue, 16 Nov 2021 16:48:04 GMT
server
AmazonS3
etag
"f5616aab0bb4af53430da41b34129fdf"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
-CTKJnrgjQ1-6j_vvFpIGRr_aSb2A2PX3hkrhWtz8P-egBzoJxa8kQ==
cgothic-webfont.woff
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/fonts/
18 KB
18 KB
Font
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/fonts/cgothic-webfont.woff
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
deaedc4f7d9399b234c27ca3716705cf00fc3c0c911124f50c67c8fa6464c4f6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Origin
https://promo.botolaquizinwi.ma
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:42:36 GMT
x-amz-version-id
1fKiSQ7M7JqpO8Pov_qpwMLlgh1O.2kw
via
1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
18220
last-modified
Tue, 16 Nov 2021 16:48:03 GMT
server
AmazonS3
etag
"9cad7c15c62999260b9000c9e47b2b09"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=1209600
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
C8eoXGqnb6HKbvSXQpRnqP9Obd117CPVByuZXpFxs83zf-t7qpS6Dg==
/
ipv.p-secure.net/
230 B
2 KB
XHR
General
Full URL
https://ipv.p-secure.net/?il_ipvlookup=jNOg5kpNclPDPAyWq62e5EtkcLa8zAPO4xsuZZTItDYF9guespZqTmsiSf6PHOQ2PeJR46oueVSul3-__E9fHsGa9v3ro37ORyN9HNPwg6vl3MzNIjVWjRL3dKuId5ulhO0ZsK8InxU3RprW-gYlD-clsQ3fBPSC_G46LWHyiM0
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1400:1e:303e:e780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache / Nautilus
Resource Hash
28bc3848c957e56ee35823a88c969bcf332da8ff49e53174e729dd0928067ae3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://promo.botolaquizinwi.ma; report-uri https://ipv.p-secure.net/il_reporturi.php?from=csp; report-to csp_endpoint
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://promo.botolaquizinwi.ma
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://promo.botolaquizinwi.ma/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 21 May 2024 01:42:35 GMT
x-signature
Stay hungry, stay foolish
x-content-type-options
nosniff
strict-transport-security
max-age=0
content-encoding
br
content-security-policy
frame-ancestors 'self' https://promo.botolaquizinwi.ma; report-uri https://ipv.p-secure.net/il_reporturi.php?from=csp; report-to csp_endpoint
via
1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-powered-by
Nautilus
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
p3p
CP="CAO PSA OUR"
alt-svc
h3=":443"; ma=86400
content-length
196
x-xss-protection
0
x-ua-compatible
IE=edge
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
Apache
expect-ct
max-age=0, report-uri="https://ipv.p-secure.net/il_reporturi.php?from=expect_ct"
x-frame-options
allow-from https://promo.botolaquizinwi.ma
access-control-allow-methods
POST, GET
content-type
application/json
access-control-allow-origin
https://promo.botolaquizinwi.ma
cache-control
private, no-transform, no-cache, no-store, must-revalidate, max-age=0
permissions-policy
document-domain=()
vary
Accept-Encoding
x-robots-tag
noindex, nofollow
x-amz-cf-id
dTltr5E3SWiuw8xVsI0S0PyQUnyWfSQqcDqy0yBYvNBQDAC2iLULGw==
expires
Tue, 01 Jan 1980 1:00:00 GMT
phone-app.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
78 KB
78 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/phone-app.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2f6821c45c7bae07b9638d19e8e9e436a83290d33f1f20d05d468fc847fac2f5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
lvE9QSEKOB1FLgcbDieByHOWe3OXiJmr
date
Tue, 21 May 2024 01:42:36 GMT
via
1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
79697
last-modified
Tue, 16 Nov 2021 16:48:07 GMT
server
AmazonS3
etag
"146b9136ad18277ae661a04f00001676"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
x-amz-cf-id
nAecm25CL1Rl5GRJd_TTaMyEumQyK31FuyqSPuD7fCV3sJPBT0_hXg==
roulette-jeux.png
promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/
85 KB
85 KB
Image
General
Full URL
https://promo.botolaquizinwi.ma/nautilus/templates/MA/pqbpma/files/quiz_botola/img/roulette-jeux.png
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90365a0cb592ad9b83f8234697e104805a7652d70ff92e7655312cad7a9cd720

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:42:36 GMT
x-amz-version-id
l5hC8rq89a7ushJ.IId_a6h3oVNMKREY
via
1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront)
last-modified
Tue, 16 Nov 2021 16:48:07 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P3
x-amz-server-side-encryption
AES256
etag
"8b9eafc6ecd88d44ff482c6a89068214"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
public, max-age=1209600
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
86641
x-amz-cf-id
ChJSUDi09k9HUhEtbn9mWcqvPICnHvkKc24P3-MNYv29f7uGp5hYmQ==
uw1
promo.botolaquizinwi.ma/snp_c/
2 B
362 B
XHR
General
Full URL
https://promo.botolaquizinwi.ma/snp_c/uw1
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/snp_s/3.15.0/gh7rnghq.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Tue, 21 May 2024 01:42:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
AMS1-P3
x-cache
Miss from cloudfront
access-control-allow-origin
https://promo.botolaquizinwi.ma
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
content-length
2
x-amz-cf-id
NgADyQJZrHVnx0hubkvdgAT4sJy81e0R0CHcBvGpqNPw14dG3y023A==
lp_quiz_botola
promo.botolaquizinwi.ma/
42 B
1 KB
Script
General
Full URL
https://promo.botolaquizinwi.ma/lp_quiz_botola?spsess_page_id=spsess_page_522d177cc8a8&il_ipvresult=jNOg5kpNclPDPAyWq62e5EtkcLa8zAPO4xsuZZTItDYF9guespZqTmsiSf6PHOQ2PeJR46oueVSul3-__E9fHuhOvOOJDs4uEILhPxyMcw9BzPUVdgUTIaiIOPaS3yirZz0UWWPyyTy7FZMyjnsSqsQVGdQZiPlslsAR4mROnW6-zDsgw0z5YXyDGbwqq5f6UrlFLXijjmwLxRTJQ5mqxg
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.239.94.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-94-18.ams1.r.cloudfront.net
Software
Apache / Nautilus
Resource Hash
15a6c9d403059b6fd2be28f7e77ff2669f37cb08558149c4cfe8a5372ccbc48b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://promo.botolaquizinwi.ma; report-uri https://promo.botolaquizinwi.ma/il_reporturi.php?from=csp; report-to csp_endpoint
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://promo.botolaquizinwi.ma
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/lp_quiz_botola
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:42:35 GMT
x-signature
Stay hungry, stay foolish
x-content-type-options
nosniff
strict-transport-security
max-age=0
content-encoding
br
content-security-policy
frame-ancestors 'self' https://promo.botolaquizinwi.ma; report-uri https://promo.botolaquizinwi.ma/il_reporturi.php?from=csp; report-to csp_endpoint
via
1.1 8ac1a27a8fede22f241f081ad0edec42.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P3
x-powered-by
Nautilus
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
p3p
CP="CAO PSA OUR"
alt-svc
h3=":443"; ma=86400
content-length
46
x-xss-protection
0
x-ua-compatible
IE=edge
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
Apache
expect-ct
max-age=0, report-uri="https://promo.botolaquizinwi.ma/il_reporturi.php?from=expect_ct"
x-frame-options
allow-from https://promo.botolaquizinwi.ma
access-control-allow-methods
POST, GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://promo.botolaquizinwi.ma
cache-control
private, no-transform, no-cache, no-store, must-revalidate, max-age=0
permissions-policy
document-domain=()
vary
Accept-Encoding
x-robots-tag
noindex, nofollow
x-amz-cf-id
KrxRwgiEMUXUDVcexkfXzKKW6kwt_hsSnpSvinWSX7AhfgQYCQS75g==
expires
Tue, 01 Jan 1980 1:00:00 GMT
A240627838972426602442464086228820442220026064220
notify.clfldcbprotect.com/
0
134 B
XHR
General
Full URL
https://notify.clfldcbprotect.com/A240627838972426602442464086228820442220026064220
Requested by
Host: promo.botolaquizinwi.ma
URL: https://promo.botolaquizinwi.ma/lp_quiz_botola
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://promo.botolaquizinwi.ma/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 21 May 2024 01:42:35 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cf-ray
8870dee978042671-TXL
alt-svc
h3=":443"; ma=86400
content-length
0
favicon.ico
promo.quizbotolainwi.ma/nautilus/templates/common/files/
1 KB
2 KB
Other
General
Full URL
https://promo.quizbotolainwi.ma/nautilus/templates/common/files/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.69.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-69-11.ams58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8e64b47b1dd32d6a422cb0d718a4a0eaa7ced810596700d6990ae310ae544f99

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://promo.botolaquizinwi.ma/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
NT_SHlS4_7ScjX3TxUap0HZmNnvBBJ1H
date
Tue, 21 May 2024 01:42:35 GMT
via
1.1 b6b3214c2f1500227643824508cb5d1c.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P4
age
1113
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
1150
last-modified
Fri, 27 Sep 2019 11:20:23 GMT
server
AmazonS3
etag
"487688cc4ad04b55532e7719b729b3a6"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public
accept-ranges
bytes
x-amz-cf-id
KChQprTL-39BDC4IZy70n70Ra1AUCf5Eol4Tf8k5ZqgDnWON5Mpmqg==
expires
1209600

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| nautilus_url_api string| sp_url_api string| urlinfo_file string| sp_dir boolean| csm_gtm_tag object| async_obj boolean| passiveSupported object| passiveSupported_options function| addEvent function| untilLoad function| getSubDomain function| query2obj function| add_get function| remove_get function| setCookie function| getRootDomain function| getDomain function| cookie2obj function| analytics_is_loaded function| gtag object| datalayer_callback_registry function| datalayer_callback_func function| datalayer_lastval function| datalayer_send function| event_send function| vpv_send object| dataLayer object| navco function| snp_contexts function| snp_trackpageview object| GlobalSnowplowNamespace function| snowplow boolean| snp_trackpageview_done function| getStyle function| listen4pstmsg function| nauti_event function| querySelectorAll_do function| ajax_query function| nautiajax function| ajxlog function| underscorify function| strSimplify function| keyClassSet function| addcss function| addclass function| nsc function| bc_getmsg function| bc_send object| bc function| bc_read object| async_job_tmp function| async_job function| parentQuerySelector function| parentMatchClass function| counter function| attrib_data function| dataping function| ajax_rcv function| bottomfooter object| inputplacehold_backups function| inputplacehold string| spsess_page_id string| dve_trk_id string| full_url_without_params string| curhandle string| rel_url_without_params string| siteconf_GAOPTI boolean| fraudeur boolean| has_K911_script string| billing_url function| evina_notify object| queries object| cookie_obj undefined| redirect_url object| match number| ifr_fix_display_i function| ifr_fix_display object| lp_conf function| send_bod_event function| user_enriched function| user_mobilenumber function| user_mobilephone function| user_mobileoperator function| user_operator function| mobileoperator_name function| mobileoperator_code function| user_mobileoperator_code function| country_mobileoperator_code boolean| cta_not_ready function| cta_loading function| cta_reset_all string| load_flow_obj undefined| load_subflow_obj function| load_flow function| load_flow_v2 function| applyStyleAttribute string| display_step_obj object| display_step_form function| display_step function| trigger_cta_click function| trigger_cta_form function| keyClassUpdateAll function| check_ifalreadysub_error function| apply_custom_rules function| querysel_display function| checkalreadysub function| ar2num function| fullredirect function| redirect function| generate_aftoken function| nautiajx_bod function| imgautoload_func boolean| imgautoload_started boolean| imgautoload_doing function| bod_event function| bod_errors function| sendpin object| flowform number| form_i number| form_n function| affich_lead number| time_start string| key object| google_tag_manager object| google_tag_data

10 Cookies

Domain/Path Name / Value
www.botolaquizinwi.ma/ Name: PHPSESSID
Value: rhm45g8qf7ss93g3g0r2mobooa
.botolaquizinwi.ma/ Name: nautisession_v3
Value: nauti_session_96b881b5ce4e551dbbc27a086723f041_42844917162557541863
promo.botolaquizinwi.ma/ Name: nautisession_v3
Value: nauti_session_96b881b5ce4e551dbbc27a086723f041_42844917162557541863
.botolaquizinwi.ma/ Name: sp
Value: cc66c317-e6b6-f069-ee14-9cffd2c4ce1f
.botolaquizinwi.ma/ Name: snp_csid
Value: sp-pqbpma-f5116ab6fca0936bc017df67d019023a
.botolaquizinwi.ma/ Name: _snp_ses.5a6a
Value: *
.botolaquizinwi.ma/ Name: _snp_id.5a6a
Value: 8cf13d27-fd83-472a-9ab1-20f27a0c5cd3.1716255755.1.1716255755..339b9254-031f-4d52-b0e0-b56006b9c55f..f9e75690-a59f-4d5e-b90e-4661e8832b8e.1716255755177.1
promo.botolaquizinwi.ma/ Name: sp
Value: cc66c317-e6b6-f069-ee14-9cffd2c4ce1f
.botolaquizinwi.ma/ Name: _gcl_au
Value: 1.1.854744932.1716255755
.botolaquizinwi.ma/ Name: ga_cid
Value: 1863575171.1716255755

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; report-uri https://promo.botolaquizinwi.ma/il_reporturi.php?from=csp; report-to csp_endpoint
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
