urlscan.io logo urlscan.io
SecurityTrails logo

get.bestlifeoffers2023.com Open in urlscan Pro
67.212.184.150  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://linkedin.com/slink?code=eufJv7bg
Effective URL: https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961
Submission: On July 05 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 11 domains to perform 14 HTTP transactions. The main IP is 67.212.184.150, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is get.bestlifeoffers2023.com.
TLS certificate: Issued by R3 on May 15th 2023. Valid for: 3 months.
This is the only time get.bestlifeoffers2023.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 209.200.243.17 1239 (SPRINTLINK)
1 205.251.153.247 11042 (NTHL)
1 4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 67.212.184.146 32475 (SINGLEHOP...)
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 185.155.184.98 5398 (AS5398)
1 2 104.248.199.138 14061 (DIGITALOC...)
1 2 45.77.230.212 20473 (AS-CHOOPA)
2 67.212.184.150 32475 (SINGLEHOP...)
14 8
2    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
linkedin.com
www.linkedin.com
1    209.200.243.17 (Canada)

ASN1239 (SPRINTLINK, US)
PTR: lotto.goonforever.org.uk
docscalls.shop
1    205.251.153.247 (United States)

ASN11042 (NTHL, US)
PTR: saltworhaloak.com
alagoasredden.com
4    2606:4700:3031::ac43:92ee (United States)

ASN13335 (CLOUDFLARENET, US)
lynku.jukminung.com
1    2606:4700:3035::ac43:9efb (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.addlnk.com
3    67.212.184.146 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
rezi.turetou.com
1    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
gadbet.homes
2    185.155.184.98 (Switzerland)

ASN5398 (AS5398, CH)
thebestprizes.life
2    104.248.199.138 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: binax-cloud-aodlp9mtvv0x3wcc1yl2.cloud
522.dutynotedot.live
2    45.77.230.212 (Whitechapel, United Kingdom)

ASN20473 (AS-CHOOPA, US)
PTR: 45.77.230.212.vultrusercontent.com
appcloudlink.com
2    67.212.184.150 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
get.bestlifeoffers2023.com
Apex Domain
Subdomains		 Transfer
4 jukminung.com
lynku.jukminung.com
7 KB
3 turetou.com
rezi.turetou.com — Cisco Umbrella Rank: 911551
5 KB
2 bestlifeoffers2023.com
get.bestlifeoffers2023.com
3 KB
2 appcloudlink.com
appcloudlink.com
901 B
2 dutynotedot.live
522.dutynotedot.live
2 KB
2 thebestprizes.life
thebestprizes.life
89 KB
2 linkedin.com
linkedin.com — Cisco Umbrella Rank: 232
www.linkedin.com — Cisco Umbrella Rank: 544
3 KB
1 gadbet.homes
gadbet.homes
718 B
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 373647
1 KB
1 alagoasredden.com
alagoasredden.com
450 B
1 docscalls.shop
docscalls.shop
250 B
14 11
Domain Requested by
4 lynku.jukminung.com 1 redirects alagoasredden.com
lynku.jukminung.com
3 rezi.turetou.com lynku.jukminung.com
rezi.turetou.com
2 get.bestlifeoffers2023.com appcloudlink.com
get.bestlifeoffers2023.com
2 appcloudlink.com 1 redirects 522.dutynotedot.live
2 522.dutynotedot.live 1 redirects thebestprizes.life
2 thebestprizes.life rezi.turetou.com
thebestprizes.life
1 gadbet.homes 1 redirects
1 cdn.addlnk.com lynku.jukminung.com
1 alagoasredden.com
1 docscalls.shop 1 redirects
1 www.linkedin.com 1 redirects
1 linkedin.com 1 redirects
14 12

This site contains no links.

Subject Issuer Validity Valid
alagoasredden.com
Sectigo RSA Domain Validation Secure Server CA		 2022-12-27 -
2024-01-16		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-03-20 -
2024-03-18		 a year crt.sh
addlnk.com
GTS CA 1P5		 2023-06-13 -
2023-09-11		 3 months crt.sh
rezi.turetou.com
R3		 2023-07-03 -
2023-10-01		 3 months crt.sh
thebestprizes.life
R3		 2023-07-01 -
2023-09-29		 3 months crt.sh
*.dutynotedot.live
R3		 2023-07-04 -
2023-10-02		 3 months crt.sh
appcloudlink.com
R3		 2023-06-10 -
2023-09-08		 3 months crt.sh
get.bestlifeoffers2023.com
R3		 2023-05-15 -
2023-08-13		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961
Frame ID: 565859A34244070DCB501F619899697D
Requests: 11 HTTP requests in this frame

Frame: https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Frame ID: 274CBFDA7166C74CD24671BA68AF910B
Requests: 2 HTTP requests in this frame

Frame: https://thebestprizes.life/media/mainstream/frame.html
Frame ID: E7967FA4AE2D527ADEC8878600F77282
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Click "Allow" To Continue

Page URL History Show full URLs

  1. http://linkedin.com/slink?code=eufJv7bg HTTP 301
    https://www.linkedin.com/slink?code=eufJv7bg HTTP 301
    http://docscalls.shop/file.html?kwNUSEhDSJcqW_gAAAAABkpY-7Yzy3vzjltvPwbL72mBaEtDvYWvI6TJxypHwysXpy... HTTP 302
    https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356524701&pubid=690300 Page URL
  3. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream... Page URL
  4. https://rezi.turetou.com/?utm_term=7252401687787208749 Page URL
  5. https://rezi.turetou.com/proc.php?26bc0bcd85468eded707a815e12f1b801f73999a Page URL
  6. https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252401687787208749&sub_id_2=13260 HTTP 302
    https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee Page URL
  7. https://522.dutynotedot.live/wvnwcslc/article522.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t4~phwd35ekel... Page URL
  8. https://522.dutynotedot.live/web/?sid=t4~phwd35ekeln1sqjht0zpslwk HTTP 302
    https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8... HTTP 302
    https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%... Page URL
  9. https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=08df... Page URL
  10. https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961 Page URL

Page Statistics

14
Requests

93 %
HTTPS

36 %
IPv6

11
Domains

12
Subdomains

8
IPs

5
Countries

107 kB
Transfer

118 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://linkedin.com/slink?code=eufJv7bg HTTP 301
    https://www.linkedin.com/slink?code=eufJv7bg HTTP 301
    http://docscalls.shop/file.html?kwNUSEhDSJcqW_gAAAAABkpY-7Yzy3vzjltvPwbL72mBaEtDvYWvI6TJxypHwysXpyEWMs-tWHcMYGtMantWrRbkJW4eWBxb7j2vs5buzSni9Yajowi-mL0GwC8RSa3Sm3fmu2JEkxYBzJUIJDOTf87RRk HTTP 302
    https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil Page URL
  2. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356524701&pubid=690300 Page URL
  3. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=pubc82c9255042042638967d028e8491b04&2=690300 Page URL
  4. https://rezi.turetou.com/?utm_term=7252401687787208749 Page URL
  5. https://rezi.turetou.com/proc.php?26bc0bcd85468eded707a815e12f1b801f73999a Page URL
  6. https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252401687787208749&sub_id_2=13260 HTTP 302
    https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee Page URL
  7. https://522.dutynotedot.live/wvnwcslc/article522.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t4~phwd35ekeln1sqjht0zpslwk&fp=W97ojf4grj8yOZIWa%2BrQnMSsEZxWojQMaCzKOx43ZlkUmikg%2BlczzeMkk9jxDvaAJIKL4iTYSFeO8VU%2FyeZKJDgJw0J%2BBrhCTCrXCo8d45wAvfnOukt%2BXrNZt1YkkeIE16HuzdgR0c8hAQ4KTY6%2FV1HLywh1aAp38URw3VaQxnO%2B68kw7ENfTQfFS%2FrTvA3HGPFUifHSm2vbsn4CHScO0slfTKtKdChiveIYO3sPtcdMlbz6MnjDLx0I%2BieyUFytMeV%2BTc%2Fu7YjfWSR7S3BHlsz5jjXaB6PEQiGugh9YbMMDiB3SQC8wInUuDkqmZ8CIQQdUW%2B7dOI%2F0k4D0JWtlAYHsR4rEmh%2FawJfmfRUZ3wfnFlvzzEbv4pz2rf1x5UneLe8rG3MENKoN06s9SAiP8z%2ByQRQik71VrrpH%2BQpEgV%2BZVQ7%2B3qUjrsDMrHbdaZVJnTwyrRnB16T0Asa14W%2BkPGvd%2F11mgsEMOPCFFePwKTFwfT1MCMIxdTxO%2BFbCU7LzwXkjGdGVxu3TyRXW2LcxDlK8Wi0tDuURsRSnzr4veB3%2FWSkN27swHtvKGVJek6wo1xt75mFkkbjtRIgdXEiuv3uH9pHAVUn7uX3PHCvVloaJiulf5gFD7P%2BiaqoHAwnl5ztEIOxrCegf14747CypXcKzmf8OKumYIEXPhIze2lX0p5v6gopQOTR7u%2F3XIKAjiS0jcaiWO7z%2FNt36G9LydkfkYcJVK0VHyvWbrc1xqrl8HWmp%2FVwgy9nEhiVBkavSx%2Fh7hwxkL%2F3wV0mhG6AJtFy2GEx7%2BzZbegYMCvcFI5USkA3rkJCP9PZ4iIOmPD9v6ghyqPel4u7r8FuWjXcHp4G85okjkhCC8utUmL6lzYKpPd8c9KzlMMeF6LWM5XK%2Ft4EfAe5MJbWgMPgJ8JCTq%2BNdS05m0ccw6PUvxICvAv80s9hHoAtDeznKg8dSAQbV7ZBJhPR%2FaQjmkA6OMK6lhE5j6kWZZDUKXKxR2%2Fr3saAsykODYChHql4kPZ%2FPHCy2y09Z0BA00S9A7SDa31JeNkHqnU6eLLYV4cC7lYr%2FTSb9h5xA%2FsRcNm0l1Hk1reGBq9KSzcoWqDhSrIG2KNciCOXKF7Yd7%2FYy5lfwAFIe4Fp8IdcwCsNv2Y3ujH0h0Opzux2f2PBV2cpOBB3lwZOafOSdCjVY0N3xpIfvVt%2BNCmJOAyZ0q8whitJamfcBue0ka1I8cROAWHRbPYKgJY02rAVeQlTMMsZeT4Z84K03VZbZHHWPLOfqk3pZjZMhI6c1KDEuFEes3ZI%2BILocQg5mJzacOUVFmB3rMlbcV5%2B%2BG4fgF%2FOUTgEKrr7PZl0frtla2H%2F3AmaHgeLYfpGSPvJGmd5lMzlXluCycNlRjK4r7EWrvet67xgZ12p0JNPrXd48OppKBE%2FqDT9M0kmYpbfmTRvmFrTPsj%2BCK2ve1nWtNesGqptkLHnqIxOjAZz5RXPlX%2BRJhxdBrcSRcN%2BwVUimdcqbowZT5O0NfFI3koujpUGzHOZtCitebp%2F0oXft8ZiOLcrYPMMLKVudPq76sFqP6TXAR1IyEkX%2BRVXmO%2BdXirYKVYJm3ufOOYNI9u7jc4iyl%2FAVBbnaTifXCjfOaIwWUT16LpYxuy7dQE85nCt%2Bc2JhPJUnc1AKIXfrwi%2F8C2JEynUHi%2FiUy9DxrU%2FK2Zfzc7Ks6JADw%2FGxWkcjlcH8f0KmlY4VzMcM4YA4dkK%2FWpIe3WZiRdG8Ni4DFBewmWdGp43MYHUMEUULMydYcosA76RY53yrSOgX3XdiyK6XsYxks8ysUu1wKv0XO7CcB%2BRZufN8SXRtcQDJFJWz97afAYcLYuBimnd6KMY0ExJ0wjmEwtt%2FTyy98xOYaJVpAzYF%2FNkP40%2FqDUyaG5bu%2Fu7T%2BRRmjBFuWeOGgEtAfOVlA7F2Pwv8lt%2B6mqTwP7twd4RY0UEJdSJHsHfoyT4Xw4tU8lKQK4pmRuQHdILGQKJtRGjrmf1UoX%2F0XLwwKW0tiflBSXjqKxF7Jkt2Rk%2Fd705ifDk%3D Page URL
  8. https://522.dutynotedot.live/web/?sid=t4~phwd35ekeln1sqjht0zpslwk HTTP 302
    https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D HTTP 302
    https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D Page URL
  9. https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=08df13c5-7952-4e20-ad15-fe0143aff0dc&np=1 Page URL
  10. https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://linkedin.com/slink?code=eufJv7bg HTTP 301
  • https://www.linkedin.com/slink?code=eufJv7bg HTTP 301
  • http://docscalls.shop/file.html?kwNUSEhDSJcqW_gAAAAABkpY-7Yzy3vzjltvPwbL72mBaEtDvYWvI6TJxypHwysXpyEWMs-tWHcMYGtMantWrRbkJW4eWBxb7j2vs5buzSni9Yajowi-mL0GwC8RSa3Sm3fmu2JEkxYBzJUIJDOTf87RRk HTTP 302
  • https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil
Request Chain 3
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Request Chain 8
  • https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252401687787208749&sub_id_2=13260 HTTP 302
  • https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Request Chain 11
  • https://522.dutynotedot.live/web/?sid=t4~phwd35ekeln1sqjht0zpslwk HTTP 302
  • https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D HTTP 302
  • https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
1_1dkcfil
alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/
Redirect Chain
  • http://linkedin.com/slink?code=eufJv7bg
  • https://www.linkedin.com/slink?code=eufJv7bg
  • http://docscalls.shop/file.html?kwNUSEhDSJcqW_gAAAAABkpY-7Yzy3vzjltvPwbL72mBaEtDvYWvI6TJxypHwysXpyEWMs-tWHcMYGtMantWrRbkJW4eWBxb7j2vs5buzSni9Yajowi-mL0GwC8RSa3Sm3fmu2JEkxYBzJUIJDOTf87RRk
  • https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil
137 B
450 B 		Document
General
Check archive.org
Download Go to
Full URL
https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
205.251.153.247 , United States, ASN11042 (NTHL, US),
Reverse DNS
saltworhaloak.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Wed, 05 Jul 2023 18:22:32 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 05 Jul 2023 18:22:30 GMT
Location
https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil
Server
Apache
9e8aef8068
lynku.jukminung.com/rc/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356524701&pubid=690300
Requested by
Host: alagoasredden.com
URL: https://alagoasredden.com/176366adc608189b800/2_1_41072/24_611105_0.0.0.0_4/1_1dkcfil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc38c4fad1ecd27b833c5709650a792176b52e69f35a99af2686397d7ee6db38

Request headers

Referer
https://alagoasredden.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e21a24e4d11377b-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Wed, 05 Jul 2023 18:22:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXftzeHBdpXZ%2BBiz4ehGUVfvcBYX4EOB5rvhHjV6C6MXIzYeL5mJSO15f866wz%2F3Q0N%2FOUx%2BjQ0GJ94a5HtZCVM1pogj5em0Xd4DcilDCYq4RjvQ7%2FYw7BKVdWu78iXIlNCNKeb8%2FFsTrpwcFxVJsJrL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie
redirect.css
cdn.addlnk.com/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356524701&pubid=690300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:9efb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 05 Jul 2023 18:22:32 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
SK3KBGMKJ4YWWVBV
age
3507
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
eBDdEZo2g3ixnFPTboxVSgjMRQX3dQ63xWWEjrbl2vu0jkNe5fS7HtGt8F3jGl6QdU4QACxpR9I=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lzLrSp2nNzjVGQJeODH1DzVsCSBYOVXCXERhdC87tAaSBY%2BmrVpUD8DKxEpbCX5%2Br13PaWgOOg1mlacrKvfi0PyuLhBPs31TdNmNPanudh9BEJBCuIspFPQWldsKLkKJ8VV8OnONIIUSKLC8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7e21a24f3ddf9195-FRA
invisible.js
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/ Frame 274C
Redirect Chain
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
  • https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
Protocol
H3
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
504c9c74c09d9a7dec78b575bb6498957bed380c08285d2ac4bb0132508c0579
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 05 Jul 2023 18:22:32 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7MANbypWZ3iH3f%2BOlxYSbzE5zexgPfSENT%2FBEczpDUy4Fc44%2FrrKFSA3yQfx70O37TaPzVMDNHcj50Hi7A9ppHjMUvjfaswJNLjzuS%2BHbHxSuPxxm6Inf4pdnBPP72QBQw5%2BqteuDKJYU4Ux8NcKPcy5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7e21a24f9f562c52-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 05 Jul 2023 18:22:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEK%2B68NruUtBKN%2Bgle52%2B1YMEzuOdNtH0eAcSrZvAvE6LCP6bE49zCCtsBhE5QjCpXHR4cyUsKLWDrliQOWCmlxK%2FjMcry2dtTiDvCCjNrcmYZSGV82y1V9L0Mv3PJbZLG0t%2BQZAqxs9v7QzOuc7%2Fr2z"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/19b997cb/invisible.js
cache-control
max-age=300, public
cf-ray
7e21a24f8ece377b-FRA
alt-svc
h3=":443"; ma=86400
7e21a24e4d11377b
lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 274C 		0
588 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lynku.jukminung.com/cdn-cgi/challenge-platform/h/g/cv/result/7e21a24e4d11377b
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:92ee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 05 Jul 2023 18:22:33 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8QOXrfXGZZ8QbmhGAwtQN4GIPuIFUQSGPYSD%2FOgts2zDpHZeIPlU05PLWzWEH2L1dz0IQJqAJMxxoMb7XO3GwZZqE%2FEyAXjl2MXwMHLXSm3O7KsCazY%2ByHtLMJKLo4eJgnrEUlDX%2FDEW34VCcav1PTt"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7e21a250b9762c52-FRA
alt-svc
h3=":443"; ma=86400
/
rezi.turetou.com/ 		1 KB
926 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=pubc82c9255042042638967d028e8491b04&2=690300
Requested by
Host: lynku.jukminung.com
URL: https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356524701&pubid=690300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 05 Jul 2023 18:22:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rezi.turetou.com/?utm_term=7252401687787208749
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
rezi.turetou.com/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_term=7252401687787208749
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=pubc82c9255042042638967d028e8491b04&2=690300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
9024a3f8ea7fa125a24871dd4815960bd23587a8436d76756ffb852183aa0b9c

Request headers

Referer
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=8d9ae3c1&cid=pubc82c9255042042638967d028e8491b04&2=690300
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 05 Jul 2023 18:22:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
proc.php
rezi.turetou.com/ 		1 KB
974 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/proc.php?26bc0bcd85468eded707a815e12f1b801f73999a
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_term=7252401687787208749
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Referer
https://rezi.turetou.com/?utm_term=7252401687787208749
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 05 Jul 2023 18:22:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252401687787208749&sub_id_2=13260
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
thebestprizes.life/
Redirect Chain
  • https://gadbet.homes/help/Rm2VzY?sub_id_1=M7252401687787208749&sub_id_2=13260
  • https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
88 KB
88 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/proc.php?26bc0bcd85468eded707a815e12f1b801f73999a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.98 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software
nginx /
Resource Hash
7c8657ac02b036e5573e214e2b0c1550a6cff11043fa8123b4acb039b7582112

Request headers

Referer
https://rezi.turetou.com/proc.php?26bc0bcd85468eded707a815e12f1b801f73999a
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
89776
Content-Type
text/html
Date
Wed, 05 Jul 2023 18:22:35 GMT
Server
nginx
cache-control
private

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
7e21a2564b459bbe-FRA
content-type
text/html; charset=utf-8
date
Wed, 05 Jul 2023 18:22:34 GMT
expires
Thu, 21 Jul 1977 07:30:00 GMT
last-modified
Wed, 05 Jul 2023 18:22:34 GMT
location
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kqo%2Bt20rEZ%2FlnIWwvwXyX%2F9J7iARKbxGWWO1JcYzMTdsj%2BhCG2z6tAYApukVhpdlVo8w19hnrEwW0qnz7y5kTtGkCRxQ3TMlFejoDSjXCN0KO34471AjuCX5Bts3DfXtcrGbk0RgC8cY5aw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.0.33
frame.html
thebestprizes.life/media/mainstream/ Frame E796 		39 B
825 B 		Document
General
Check archive.org
Download Go to
Full URL
https://thebestprizes.life/media/mainstream/frame.html
Requested by
Host: thebestprizes.life
URL: https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.98 , Switzerland, ASN5398 (AS5398, CH),
Reverse DNS
Software
nginx /
Resource Hash
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=31536000 no-transform
Connection
keep-alive
Content-Length
39
Content-Security-Policy
block-all-mixed-content
Content-Type
text/html
Date
Wed, 05 Jul 2023 18:22:35 GMT
ETag
"086707e4369f60afedcafb16050a7618"
Expires
Thu, 04 Jul 2024 18:22:35 GMT
Last-Modified
Mon, 20 Feb 2023 09:34:05 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Origin Accept-Encoding
X-Amz-Request-Id
176F0A4F8891B3EF
X-Content-Type-Options
nosniff
X-Xss-Protection
1; mode=block
x-amz-meta-mc-attrs
atime:1676843338#351669788/gid:0/gname:root/mode:33279/mtime:1655387452#842583333/uid:0/uname:root
x-amz-meta-mm-source-mtime
2022-06-16T13:50:52.842583333Z
article522.doc
522.dutynotedot.live/wvnwcslc/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://522.dutynotedot.live/wvnwcslc/article522.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t4~phwd35ekeln1sqjht0zpslwk&fp=W97ojf4grj8yOZIWa%2BrQnMSsEZxWojQMaCzKOx43ZlkUmikg%2BlczzeMkk9jxDvaAJIKL4iTYSFeO8VU%2FyeZKJDgJw0J%2BBrhCTCrXCo8d45wAvfnOukt%2BXrNZt1YkkeIE16HuzdgR0c8hAQ4KTY6%2FV1HLywh1aAp38URw3VaQxnO%2B68kw7ENfTQfFS%2FrTvA3HGPFUifHSm2vbsn4CHScO0slfTKtKdChiveIYO3sPtcdMlbz6MnjDLx0I%2BieyUFytMeV%2BTc%2Fu7YjfWSR7S3BHlsz5jjXaB6PEQiGugh9YbMMDiB3SQC8wInUuDkqmZ8CIQQdUW%2B7dOI%2F0k4D0JWtlAYHsR4rEmh%2FawJfmfRUZ3wfnFlvzzEbv4pz2rf1x5UneLe8rG3MENKoN06s9SAiP8z%2ByQRQik71VrrpH%2BQpEgV%2BZVQ7%2B3qUjrsDMrHbdaZVJnTwyrRnB16T0Asa14W%2BkPGvd%2F11mgsEMOPCFFePwKTFwfT1MCMIxdTxO%2BFbCU7LzwXkjGdGVxu3TyRXW2LcxDlK8Wi0tDuURsRSnzr4veB3%2FWSkN27swHtvKGVJek6wo1xt75mFkkbjtRIgdXEiuv3uH9pHAVUn7uX3PHCvVloaJiulf5gFD7P%2BiaqoHAwnl5ztEIOxrCegf14747CypXcKzmf8OKumYIEXPhIze2lX0p5v6gopQOTR7u%2F3XIKAjiS0jcaiWO7z%2FNt36G9LydkfkYcJVK0VHyvWbrc1xqrl8HWmp%2FVwgy9nEhiVBkavSx%2Fh7hwxkL%2F3wV0mhG6AJtFy2GEx7%2BzZbegYMCvcFI5USkA3rkJCP9PZ4iIOmPD9v6ghyqPel4u7r8FuWjXcHp4G85okjkhCC8utUmL6lzYKpPd8c9KzlMMeF6LWM5XK%2Ft4EfAe5MJbWgMPgJ8JCTq%2BNdS05m0ccw6PUvxICvAv80s9hHoAtDeznKg8dSAQbV7ZBJhPR%2FaQjmkA6OMK6lhE5j6kWZZDUKXKxR2%2Fr3saAsykODYChHql4kPZ%2FPHCy2y09Z0BA00S9A7SDa31JeNkHqnU6eLLYV4cC7lYr%2FTSb9h5xA%2FsRcNm0l1Hk1reGBq9KSzcoWqDhSrIG2KNciCOXKF7Yd7%2FYy5lfwAFIe4Fp8IdcwCsNv2Y3ujH0h0Opzux2f2PBV2cpOBB3lwZOafOSdCjVY0N3xpIfvVt%2BNCmJOAyZ0q8whitJamfcBue0ka1I8cROAWHRbPYKgJY02rAVeQlTMMsZeT4Z84K03VZbZHHWPLOfqk3pZjZMhI6c1KDEuFEes3ZI%2BILocQg5mJzacOUVFmB3rMlbcV5%2B%2BG4fgF%2FOUTgEKrr7PZl0frtla2H%2F3AmaHgeLYfpGSPvJGmd5lMzlXluCycNlRjK4r7EWrvet67xgZ12p0JNPrXd48OppKBE%2FqDT9M0kmYpbfmTRvmFrTPsj%2BCK2ve1nWtNesGqptkLHnqIxOjAZz5RXPlX%2BRJhxdBrcSRcN%2BwVUimdcqbowZT5O0NfFI3koujpUGzHOZtCitebp%2F0oXft8ZiOLcrYPMMLKVudPq76sFqP6TXAR1IyEkX%2BRVXmO%2BdXirYKVYJm3ufOOYNI9u7jc4iyl%2FAVBbnaTifXCjfOaIwWUT16LpYxuy7dQE85nCt%2Bc2JhPJUnc1AKIXfrwi%2F8C2JEynUHi%2FiUy9DxrU%2FK2Zfzc7Ks6JADw%2FGxWkcjlcH8f0KmlY4VzMcM4YA4dkK%2FWpIe3WZiRdG8Ni4DFBewmWdGp43MYHUMEUULMydYcosA76RY53yrSOgX3XdiyK6XsYxks8ysUu1wKv0XO7CcB%2BRZufN8SXRtcQDJFJWz97afAYcLYuBimnd6KMY0ExJ0wjmEwtt%2FTyy98xOYaJVpAzYF%2FNkP40%2FqDUyaG5bu%2Fu7T%2BRRmjBFuWeOGgEtAfOVlA7F2Pwv8lt%2B6mqTwP7twd4RY0UEJdSJHsHfoyT4Xw4tU8lKQK4pmRuQHdILGQKJtRGjrmf1UoX%2F0XLwwKW0tiflBSXjqKxF7Jkt2Rk%2Fd705ifDk%3D
Requested by
Host: thebestprizes.life
URL: https://thebestprizes.life/?u=bt1k60t&o=xqt63qn&m=1&t=deee
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.248.199.138 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
binax-cloud-aodlp9mtvv0x3wcc1yl2.cloud
Software
nginx /
Resource Hash

Request headers

Referer
https://thebestprizes.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
1644
Content-Type
text/html
Date
Wed, 05 Jul 2023 18:22:37 GMT
Server
nginx
cache-control
private
away.php
appcloudlink.com/
Redirect Chain
  • https://522.dutynotedot.live/web/?sid=t4~phwd35ekeln1sqjht0zpslwk
  • https://appcloudlink.com/?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9...
  • https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCON...
349 B
489 B 		Document
General
Check archive.org
Download Go to
Full URL
https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D
Requested by
Host: 522.dutynotedot.live
URL: https://522.dutynotedot.live/wvnwcslc/article522.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t4~phwd35ekeln1sqjht0zpslwk&fp=W97ojf4grj8yOZIWa%2BrQnMSsEZxWojQMaCzKOx43ZlkUmikg%2BlczzeMkk9jxDvaAJIKL4iTYSFeO8VU%2FyeZKJDgJw0J%2BBrhCTCrXCo8d45wAvfnOukt%2BXrNZt1YkkeIE16HuzdgR0c8hAQ4KTY6%2FV1HLywh1aAp38URw3VaQxnO%2B68kw7ENfTQfFS%2FrTvA3HGPFUifHSm2vbsn4CHScO0slfTKtKdChiveIYO3sPtcdMlbz6MnjDLx0I%2BieyUFytMeV%2BTc%2Fu7YjfWSR7S3BHlsz5jjXaB6PEQiGugh9YbMMDiB3SQC8wInUuDkqmZ8CIQQdUW%2B7dOI%2F0k4D0JWtlAYHsR4rEmh%2FawJfmfRUZ3wfnFlvzzEbv4pz2rf1x5UneLe8rG3MENKoN06s9SAiP8z%2ByQRQik71VrrpH%2BQpEgV%2BZVQ7%2B3qUjrsDMrHbdaZVJnTwyrRnB16T0Asa14W%2BkPGvd%2F11mgsEMOPCFFePwKTFwfT1MCMIxdTxO%2BFbCU7LzwXkjGdGVxu3TyRXW2LcxDlK8Wi0tDuURsRSnzr4veB3%2FWSkN27swHtvKGVJek6wo1xt75mFkkbjtRIgdXEiuv3uH9pHAVUn7uX3PHCvVloaJiulf5gFD7P%2BiaqoHAwnl5ztEIOxrCegf14747CypXcKzmf8OKumYIEXPhIze2lX0p5v6gopQOTR7u%2F3XIKAjiS0jcaiWO7z%2FNt36G9LydkfkYcJVK0VHyvWbrc1xqrl8HWmp%2FVwgy9nEhiVBkavSx%2Fh7hwxkL%2F3wV0mhG6AJtFy2GEx7%2BzZbegYMCvcFI5USkA3rkJCP9PZ4iIOmPD9v6ghyqPel4u7r8FuWjXcHp4G85okjkhCC8utUmL6lzYKpPd8c9KzlMMeF6LWM5XK%2Ft4EfAe5MJbWgMPgJ8JCTq%2BNdS05m0ccw6PUvxICvAv80s9hHoAtDeznKg8dSAQbV7ZBJhPR%2FaQjmkA6OMK6lhE5j6kWZZDUKXKxR2%2Fr3saAsykODYChHql4kPZ%2FPHCy2y09Z0BA00S9A7SDa31JeNkHqnU6eLLYV4cC7lYr%2FTSb9h5xA%2FsRcNm0l1Hk1reGBq9KSzcoWqDhSrIG2KNciCOXKF7Yd7%2FYy5lfwAFIe4Fp8IdcwCsNv2Y3ujH0h0Opzux2f2PBV2cpOBB3lwZOafOSdCjVY0N3xpIfvVt%2BNCmJOAyZ0q8whitJamfcBue0ka1I8cROAWHRbPYKgJY02rAVeQlTMMsZeT4Z84K03VZbZHHWPLOfqk3pZjZMhI6c1KDEuFEes3ZI%2BILocQg5mJzacOUVFmB3rMlbcV5%2B%2BG4fgF%2FOUTgEKrr7PZl0frtla2H%2F3AmaHgeLYfpGSPvJGmd5lMzlXluCycNlRjK4r7EWrvet67xgZ12p0JNPrXd48OppKBE%2FqDT9M0kmYpbfmTRvmFrTPsj%2BCK2ve1nWtNesGqptkLHnqIxOjAZz5RXPlX%2BRJhxdBrcSRcN%2BwVUimdcqbowZT5O0NfFI3koujpUGzHOZtCitebp%2F0oXft8ZiOLcrYPMMLKVudPq76sFqP6TXAR1IyEkX%2BRVXmO%2BdXirYKVYJm3ufOOYNI9u7jc4iyl%2FAVBbnaTifXCjfOaIwWUT16LpYxuy7dQE85nCt%2Bc2JhPJUnc1AKIXfrwi%2F8C2JEynUHi%2FiUy9DxrU%2FK2Zfzc7Ks6JADw%2FGxWkcjlcH8f0KmlY4VzMcM4YA4dkK%2FWpIe3WZiRdG8Ni4DFBewmWdGp43MYHUMEUULMydYcosA76RY53yrSOgX3XdiyK6XsYxks8ysUu1wKv0XO7CcB%2BRZufN8SXRtcQDJFJWz97afAYcLYuBimnd6KMY0ExJ0wjmEwtt%2FTyy98xOYaJVpAzYF%2FNkP40%2FqDUyaG5bu%2Fu7T%2BRRmjBFuWeOGgEtAfOVlA7F2Pwv8lt%2B6mqTwP7twd4RY0UEJdSJHsHfoyT4Xw4tU8lKQK4pmRuQHdILGQKJtRGjrmf1UoX%2F0XLwwKW0tiflBSXjqKxF7Jkt2Rk%2Fd705ifDk%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.77.230.212 Whitechapel, United Kingdom, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.230.212.vultrusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://522.dutynotedot.live/wvnwcslc/article522.doc?u=bt1k60t&o=xqt63qn&m=1&t=deee&f=1&sid=t4~phwd35ekeln1sqjht0zpslwk&fp=W97ojf4grj8yOZIWa%2BrQnMSsEZxWojQMaCzKOx43ZlkUmikg%2BlczzeMkk9jxDvaAJIKL4iTYSFeO8VU%2FyeZKJDgJw0J%2BBrhCTCrXCo8d45wAvfnOukt%2BXrNZt1YkkeIE16HuzdgR0c8hAQ4KTY6%2FV1HLywh1aAp38URw3VaQxnO%2B68kw7ENfTQfFS%2FrTvA3HGPFUifHSm2vbsn4CHScO0slfTKtKdChiveIYO3sPtcdMlbz6MnjDLx0I%2BieyUFytMeV%2BTc%2Fu7YjfWSR7S3BHlsz5jjXaB6PEQiGugh9YbMMDiB3SQC8wInUuDkqmZ8CIQQdUW%2B7dOI%2F0k4D0JWtlAYHsR4rEmh%2FawJfmfRUZ3wfnFlvzzEbv4pz2rf1x5UneLe8rG3MENKoN06s9SAiP8z%2ByQRQik71VrrpH%2BQpEgV%2BZVQ7%2B3qUjrsDMrHbdaZVJnTwyrRnB16T0Asa14W%2BkPGvd%2F11mgsEMOPCFFePwKTFwfT1MCMIxdTxO%2BFbCU7LzwXkjGdGVxu3TyRXW2LcxDlK8Wi0tDuURsRSnzr4veB3%2FWSkN27swHtvKGVJek6wo1xt75mFkkbjtRIgdXEiuv3uH9pHAVUn7uX3PHCvVloaJiulf5gFD7P%2BiaqoHAwnl5ztEIOxrCegf14747CypXcKzmf8OKumYIEXPhIze2lX0p5v6gopQOTR7u%2F3XIKAjiS0jcaiWO7z%2FNt36G9LydkfkYcJVK0VHyvWbrc1xqrl8HWmp%2FVwgy9nEhiVBkavSx%2Fh7hwxkL%2F3wV0mhG6AJtFy2GEx7%2BzZbegYMCvcFI5USkA3rkJCP9PZ4iIOmPD9v6ghyqPel4u7r8FuWjXcHp4G85okjkhCC8utUmL6lzYKpPd8c9KzlMMeF6LWM5XK%2Ft4EfAe5MJbWgMPgJ8JCTq%2BNdS05m0ccw6PUvxICvAv80s9hHoAtDeznKg8dSAQbV7ZBJhPR%2FaQjmkA6OMK6lhE5j6kWZZDUKXKxR2%2Fr3saAsykODYChHql4kPZ%2FPHCy2y09Z0BA00S9A7SDa31JeNkHqnU6eLLYV4cC7lYr%2FTSb9h5xA%2FsRcNm0l1Hk1reGBq9KSzcoWqDhSrIG2KNciCOXKF7Yd7%2FYy5lfwAFIe4Fp8IdcwCsNv2Y3ujH0h0Opzux2f2PBV2cpOBB3lwZOafOSdCjVY0N3xpIfvVt%2BNCmJOAyZ0q8whitJamfcBue0ka1I8cROAWHRbPYKgJY02rAVeQlTMMsZeT4Z84K03VZbZHHWPLOfqk3pZjZMhI6c1KDEuFEes3ZI%2BILocQg5mJzacOUVFmB3rMlbcV5%2B%2BG4fgF%2FOUTgEKrr7PZl0frtla2H%2F3AmaHgeLYfpGSPvJGmd5lMzlXluCycNlRjK4r7EWrvet67xgZ12p0JNPrXd48OppKBE%2FqDT9M0kmYpbfmTRvmFrTPsj%2BCK2ve1nWtNesGqptkLHnqIxOjAZz5RXPlX%2BRJhxdBrcSRcN%2BwVUimdcqbowZT5O0NfFI3koujpUGzHOZtCitebp%2F0oXft8ZiOLcrYPMMLKVudPq76sFqP6TXAR1IyEkX%2BRVXmO%2BdXirYKVYJm3ufOOYNI9u7jc4iyl%2FAVBbnaTifXCjfOaIwWUT16LpYxuy7dQE85nCt%2Bc2JhPJUnc1AKIXfrwi%2F8C2JEynUHi%2FiUy9DxrU%2FK2Zfzc7Ks6JADw%2FGxWkcjlcH8f0KmlY4VzMcM4YA4dkK%2FWpIe3WZiRdG8Ni4DFBewmWdGp43MYHUMEUULMydYcosA76RY53yrSOgX3XdiyK6XsYxks8ysUu1wKv0XO7CcB%2BRZufN8SXRtcQDJFJWz97afAYcLYuBimnd6KMY0ExJ0wjmEwtt%2FTyy98xOYaJVpAzYF%2FNkP40%2FqDUyaG5bu%2Fu7T%2BRRmjBFuWeOGgEtAfOVlA7F2Pwv8lt%2B6mqTwP7twd4RY0UEJdSJHsHfoyT4Xw4tU8lKQK4pmRuQHdILGQKJtRGjrmf1UoX%2F0XLwwKW0tiflBSXjqKxF7Jkt2Rk%2Fd705ifDk%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 05 Jul 2023 18:22:37 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 05 Jul 2023 18:22:37 GMT
Location
/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D
Server
openresty
Transfer-Encoding
chunked
/
get.bestlifeoffers2023.com/ 		1 KB
939 B 		Document
General
Check archive.org
Download Go to
Full URL
https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=08df13c5-7952-4e20-ad15-fe0143aff0dc&np=1
Requested by
Host: appcloudlink.com
URL: https://appcloudlink.com/away.php?url=I4WHKFughjJnh4P2Hz2GP%2FqqRx0kMfznGIMtsxAHmnvOQof7FepBW%2FU30Q%2FXSYGg8rMkR63eTZnkerty2eaBph7u6Xf%2FH4aP8sDcdW4deZXFgy5lWKnuBXQZtNM7SlCYKLgtRhX7T11QbDIXtgrCCONTS0s4un9I4tv7PdrtYdIjQHqBaDwSQT09JW%2BRZZVcxt8eaMlaKnU%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 05 Jul 2023 18:22:37 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
Primary Request /
get.bestlifeoffers2023.com/ 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://get.bestlifeoffers2023.com/?utm_term=7252401704967077961
Requested by
Host: get.bestlifeoffers2023.com
URL: https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=08df13c5-7952-4e20-ad15-fe0143aff0dc&np=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
e3f68c5aca926145feb767e5eded2b9e79ee783dc3667e88ea821a1bfa31a449

Request headers

Referer
https://get.bestlifeoffers2023.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=08df13c5-7952-4e20-ad15-fe0143aff0dc&np=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 05 Jul 2023 18:22:37 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend string| pm_appKey function| pm_denyAction string| pm_tag function| pm_allowAction

11 Cookies

Domain/Path Name / Value
.linkedin.com/ Name: bcookie
Value: "v=2&8157ccb9-c248-45a9-8fb9-43efbb9b9756"
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230705182229a38b7a6e-cfcc-401a-8750-3c60b42e7f6eAQFehVdfYwrfP-9msCmGKFd25q6Ac-7v"
.linkedin.com/ Name: li_gc
Value: MTswOzE2ODg1ODEzNDk7MjswMjEwyq3NjkZ6T58Y/kMxsZUkpie4reuGZA1+LhfeEUGYkA==
.linkedin.com/ Name: lidc
Value: "b=OGST01:s=O:r=O:a=O:p=O:g=2992:u=1:x=1:i=1688581349:t=1688667749:v=2:sig=AQHl6KW2EF15n2SsYaSzIFFTvrUVVtOS"
alagoasredden.com/ Name: uid15295
Value: 1356524701-20230705142232-57a538ad41413b288dcf73ad4a945ff2-
lynku.jukminung.com/ Name: AWSALB
Value: 9oYafdjOnhOXhFnWp1HUe+QDDKCmPrPmSefoLAfs8bRAjq8ZPDQ7U6f+r15tKALo8tDkthuo3gDfmZmfD8MOG/hUvmyVc8Idzl2f/1o5uoOPEQ2Y3WFo+1gh1nPg
.jukminung.com/ Name: __cf_bm
Value: ZLuGQEgVKmtsXxB8BtA6XqbpkJq46JDl2z2EHfgg9rU-1688581353-0-AZABBIKm0fHOwEqYdH31WIUePvMXiMVEkHOHDjNFt5ZSwRwZCEx5kRJaQtekDXgkkQ==
.gadbet.homes/ Name: 00831
Value: %7B%22streams%22%3A%7B%2213160%22%3A1688581354%7D%2C%22campaigns%22%3A%7B%2210166%22%3A1688581354%7D%2C%22time%22%3A1688581354%7D
thebestprizes.life/ Name: sid
Value: t4~phwd35ekeln1sqjht0zpslwk
thebestprizes.life/ Name: p1
Value: https://dutynotedot.live/wvnwcslc/
thebestprizes.life/ Name: s1
Value: 87c15iwwi7u4a48y