Overview

URL comilar-efferiff.icu/e4caf37b-5cda-4660-8134-b38acdadec25
IP 18.193.146.82
ASN AMAZON-02
Location Germany
Report completed 2022-11-24 07:06:57 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-24 2 securely-send.com/storage/CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.js Phishing
2022-11-24 2 spinningwheel.online/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-11-24 2 spinningwheel.online/wp-content/plugins/bet-landers/media/prize.svg Malware
2022-11-24 2 spinningwheel.online/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 Malware
2022-11-24 2 spinningwheel.online/wp-content/plugins/bet-landers/assets/js/bet-landers-s (...) Malware
2022-11-24 2 spinningwheel.online/wp-content/plugins/bet-landers/assets/js/bet-landers-p (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (17)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS www.sportsinteraction.com (1) 359201 2017-02-04 10:50:40 UTC 2022-11-23 11:02:23 UTC 104.18.20.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-23 05:36:31 UTC 34.102.187.140
mnemonic passive DNS e1.o.lencr.org (2) 6159 No data No data 23.36.76.226
mnemonic passive DNS media.sia.com (2) 0 No data No data 40.127.232.184 Unknown ranking
mnemonic passive DNS ocsp2.globalsign.com (1) 1544 2012-05-23 18:10:04 UTC 2020-03-15 21:19:16 UTC 104.18.21.226
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.187.31.159
mnemonic passive DNS img-getpocket.cdn.mozilla.net (3) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
mnemonic passive DNS ic.aff-handler.com (2) 186950 2020-03-06 10:30:38 UTC 2022-11-23 20:30:06 UTC 217.147.127.42
mnemonic passive DNS r3.o.lencr.org (3) 344 No data No data 23.36.77.32
mnemonic passive DNS cdn.onesignal.com (1) 3015 2015-04-22 13:41:50 UTC 2022-11-23 06:38:52 UTC 104.18.225.52
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-23 05:36:46 UTC 34.117.237.239
mnemonic passive DNS securely-send.com (1) 289562 2019-12-16 23:44:57 UTC 2022-11-23 12:01:27 UTC 161.35.78.172
mnemonic passive DNS spinningwheel.online (10) 0 2019-07-09 12:45:22 UTC 2022-11-24 02:57:56 UTC 172.64.97.8 Unknown ranking
mnemonic passive DNS status.thawte.com (1) 5123 2019-03-13 17:00:46 UTC 2020-04-10 08:00:21 UTC 93.184.220.29
mnemonic passive DNS comilar-efferiff.icu (1) 202270 2020-05-04 10:08:02 UTC 2022-11-23 10:09:50 UTC 18.193.146.82
mnemonic passive DNS ocsp.digicert.com (8) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 18.193.146.82

Date UQ / IDS / BL URL IP
2022-12-02 00:19:43 +0000 0 - 0 - 12 bl.trackham.com/f9908105-7257-45be-97c0-99904 (...) 18.193.146.82
2022-12-01 21:51:14 +0000 0 - 0 - 1 walter-larence.com/e90c5688-f303-43ee-8f72-7d (...) 18.193.146.82
2022-12-01 11:07:14 +0000 0 - 0 - 1 walter-larence.com/32090fb9-a01d-4354-a8dc-ba (...) 18.193.146.82
2022-11-30 21:40:38 +0000 0 - 0 - 11 bl.trackham.com/f9908105-7257-45be-97c0-99904 (...) 18.193.146.82
2022-11-30 07:34:34 +0000 0 - 0 - 1 walter-larence.com/f8756588-2326-45d7-95cb-b1 (...) 18.193.146.82

Last 5 reports on ASN: AMAZON-02

Date UQ / IDS / BL URL IP
2022-12-02 03:36:01 +0000 7 - 0 - 4 www.onlineservicetec.com/landingpages/fe996bb (...) 52.208.240.113
2022-12-02 03:35:12 +0000 7 - 0 - 4 www.e-serviceparts.info/landingpages/fe996bbf (...) 34.254.123.254
2022-12-02 03:35:07 +0000 7 - 0 - 3 www.e-serviceparts.info/landingpages/fe996bbf (...) 34.254.123.254
2022-12-02 03:33:05 +0000 0 - 0 - 1 theorganicfarmgate.com.au/assets.wetransfer.n (...) 5.22.145.180
2022-12-02 03:33:04 +0000 0 - 0 - 2 ww25.tivi.itepress.com/feeds/posts/default%5C (...) 199.59.243.222

Last 4 reports on domain: comilar-efferiff.icu

Date UQ / IDS / BL URL IP
2022-11-27 15:11:22 +0000 0 - 0 - 3 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82
2022-11-25 11:00:44 +0000 0 - 0 - 3 comilar-efferiff.icu/5a74d436-d033-4dea-9b5f- (...) 18.193.146.82
2022-11-24 07:06:57 +0000 0 - 0 - 6 comilar-efferiff.icu/e4caf37b-5cda-4660-8134- (...) 18.193.146.82
2022-11-23 12:01:26 +0000 0 - 0 - 1 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82

Last 4 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-28 09:17:54 +0000 0 - 0 - 2 convertmb.com/0a1ca9d4-80a6-4a54-bc5b-e33a5c70f460 23.22.112.25
2022-11-27 15:11:22 +0000 0 - 0 - 3 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82
2022-11-25 11:00:44 +0000 0 - 0 - 3 comilar-efferiff.icu/5a74d436-d033-4dea-9b5f- (...) 18.193.146.82
2022-11-23 12:01:26 +0000 0 - 0 - 1 comilar-efferiff.icu/b6bad7e6-3b49-4e0d-aee2- (...) 18.193.146.82


JavaScript

Executed Scripts (13)


Executed Evals (1)

#1 JavaScript::Eval (size: 8243, repeated: 1) - SHA256: 3b2dd7e8622a86f9df2323bcea7ef53ff8b40abbb5b8b269847ff5571eaa12af

                                        const iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = class {
    constructor({
        attr, content, append, config
    }) {
        this.attr = attr || {};
        this.content = content || [];
        this.body = document.querySelector(append) || document.querySelector('body');
        this.id = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
        this.events = [];
        this.iframe = null;
        this.debug = config.debug || false;
        this.action = (typeof config.action === 'function') ? config.action : function(msg) {};
    };
    init() {
        this._createIframe((iframe) => {
            if (iframe) {
                this._addElements(this.content);
            }
        });
    };
    _createIframe(callback) {
        if (!this.iframe) {
            let iframe = document.createElement('iframe');
            iframe.setAttribute('iframe-id', this.id);
            iframe.setAttribute('style', 'display:none');
            const attr = Object.keys(this.attr);
            if (attr.length > 0) {
                attr.map((i) => {
                    iframe.setAttribute(i, this.attr[i]);
                });
            }
            this.body.appendChild(iframe);
            this.iframe = document.querySelector(`[iframe-id="${this.id}"]`);
            this._addEventListener();
            (typeof callback === 'function') && callback(iframe);
        } else {
            console.error('An iframe already exists, please instance a new iFrameX.');
            (typeof callback === 'function') && callback(null);
        }
    };
    _addElements(elements) {
        function _createAndBind(i) {
            const el = document.createElement(i.type);
            if (i.content && i.content !== '') {
                if (i.type === 'script' || i.type === 'style') {
                    el.appendChild(document.createTextNode(i.content));
                } else {
                    el.innerHTML = i.content;
                }
            };
            (i.attr) && Object.keys(i.attr).map((a) => {
                el.setAttribute(a, i.attr[a]);
            });
            return el;
        }
        if (Array.isArray(elements) && elements.length > 0) {
            elements.map((obj) => {
                let el = (!obj.append) ? 'body' : obj.append;
                setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(obj)), 1);
            });
        } else if (typeof elements === 'object') {
            let el = (!elements.append) ? 'body' : elements.append;
            setTimeout(() => this.iframe.contentWindow.document.querySelector(el).appendChild(_createAndBind(elements)), 1);
        }
    };
    _addEventListener() {
        this._addElements({
            type: 'script',
            content: this._bindEvent('window', `'message'`, this.action)
        });
    };
    _bindEvent(element, eventName, eventHandler) {
        let event = null;
        element = (element === 'window') ? element : `document.querySelector(${element})`;
        if (window.addEventListener) {
            event = `${element}.addEventListener(${eventName}, ${eventHandler}, false);`
        } else if (window.attachEvent) {
            event = `${element}.attachEvent(on${eventName}, ${eventHandler});`
        }
        return event;
    };
};
document.getElementById('CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel').innerHTML = '';
let link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.bet365.com/olp/open-account?affiliate=365_01240406';
let w_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://www.bet365.com/olp/open-account?affiliate=365_01240406') {
    if (w_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.bet365.com/olp/open-account?affiliate=365_01240406';
    }
}
let iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=';
let w_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=') {
    if (w_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=';
    }
}
let iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_0_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
let w_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160') {
    if (w_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://betway.com/bwp/betwaycanada1000/en-ca?s=bw210317&a=AFF3735587078847160&utm_source=210317&utm_medium=Affiliate&utm_campaign=AFF3735587078847160';
    }
}
let iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_1_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441';
let w_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441') {
    if (w_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://www.jackpotcitycasino.com/canada/?s=bfp23089&a=bfpadid161441';
    }
}
let iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_2_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
let link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://ic.aff-handler.com/c/47915?sr=1845335';
let w_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = window.innerWidth;
if ('https://ic.aff-handler.com/c/47915?sr=1845335') {
    if (w_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel < 768) {
        link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = 'https://ic.aff-handler.com/c/47915?sr=1845335';
    }
}
let iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = null;
const content_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = {
    attr: {
        id: 'iframex_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        width: 0,
        height: 0,
    },
    content: [{
        type: 'iframe',
        append: 'body',
        id: 'iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel',
        attr: {
            src: link_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel,
            width: '0',
            height: '0',
            id: 'iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel'
        },
    }],
    config: {
        debug: false,
    }
};
iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel = new iFrameX_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel(content_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel);
setTimeout(function() {
    iframe_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.init()
}, 2 * 1000);
setTimeout(function() {
    document.querySelector("#iframex_3_CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel").remove();
}, 10 * 1000);
                                    

Executed Writes (0)



HTTP Transactions (41)


Request Response
                                        
                                            GET /e4caf37b-5cda-4660-8134-b38acdadec25 HTTP/1.1 
Host: comilar-efferiff.icu
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         18.193.146.82
HTTP/1.1 302
                                        
Server: nginx
Date: Thu, 24 Nov 2022 07:06:45 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://spinningwheel.online/landing/ca-en/
Pragma: no-cache
Set-Cookie: e4caf37b-5cda-4660-8134-b38acdadec25-v4=ZDRfq-85FabiClYZrjDH70muj3ryDfrXx37A5CBOr9I; Max-Age=86400; Expires=Fri, 25-Nov-2022 07:06:45 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly cc-v4=rOUzGLeUJTegmoFh5mwY5aiIa0Hhq%2BqyHO5ouBY0snOxVOy9PQlPRk3H49o7ZjkR2YW6yoMQe4rrnalansZ2JBqTVi%2BmiPSwYIC%2BwA6tCw6AA9cl8He5PSkyCL8k8A3fgBC08jTO1RaNLOUocdyNpQ%3D%3D; Max-Age=31536000; Expires=Fri, 24-Nov-2023 07:06:45 GMT; Domain=comilar-efferiff.icu; Path=/; HttpOnly

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17133
Expires: Thu, 24 Nov 2022 11:52:18 GMT
Date: Thu, 24 Nov 2022 07:06:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6082
Cache-Control: max-age=104752
Date: Thu, 24 Nov 2022 07:06:45 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 12:12:37 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19632
Expires: Thu, 24 Nov 2022 12:33:57 GMT
Date: Thu, 24 Nov 2022 07:06:45 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 24 Nov 2022 06:17:15 GMT
cache-control: public,max-age=3600
age: 2970
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FKHRGzFXh3RjpWCoxHRtP+nGEbS+C5A3BXY7uqgQyEuc6BXdothS2GeSFAV0P1On99KfHD2771E=
x-amz-request-id: AR061CNBHZAD787C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 24 Nov 2022 06:40:18 GMT
age: 1587
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 24 Nov 2022 07:06:45 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "49460D88D790D50B25E5CEE1848EBD49A0454481B3359B55068E342EFBEF8D8D"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8694
Expires: Thu, 24 Nov 2022 09:31:39 GMT
Date: Thu, 24 Nov 2022 07:06:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "49460D88D790D50B25E5CEE1848EBD49A0454481B3359B55068E342EFBEF8D8D"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8694
Expires: Thu, 24 Nov 2022 09:31:39 GMT
Date: Thu, 24 Nov 2022 07:06:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4049
Cache-Control: max-age=93364
Date: Thu, 24 Nov 2022 07:06:45 GMT
Etag: "637dd1e8-116"
Expires: Fri, 25 Nov 2022 09:02:49 GMT
Last-Modified: Wed, 23 Nov 2022 07:55:20 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4049
Cache-Control: max-age=93364
Date: Thu, 24 Nov 2022 07:06:45 GMT
Etag: "637dd1e8-116"
Expires: Fri, 25 Nov 2022 09:02:49 GMT
Last-Modified: Wed, 23 Nov 2022 07:55:20 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 24 Nov 2022 06:11:11 GMT
cache-control: public,max-age=3600
age: 3334
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /storage/CMfJrR7AK7A7zJrtzJg7AHKeVHaoQOel.js HTTP/1.1 
Host: securely-send.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         161.35.78.172
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.18.0 (Ubuntu)
date: Thu, 24 Nov 2022 07:06:45 GMT
content-length: 41979
last-modified: Sat, 05 Nov 2022 12:43:58 GMT
etag: "63665a8e-a3fb"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (41979), with no line terminators
Size:   41979
Md5:    6307813f5db26070f86d0ac7beb2d526
Sha1:   c807710b1c10439262f73df35e7df7cce490a3d8
Sha256: 5ff6f42a9e67c90de765fc81b9253a0dc5c8cb572092afb9a0294206516a9183

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4083
Cache-Control: max-age=97690
Date: Thu, 24 Nov 2022 07:06:46 GMT
Etag: "637de2ad-1d7"
Expires: Fri, 25 Nov 2022 10:14:56 GMT
Last-Modified: Wed, 23 Nov 2022 09:06:53 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k2KV4vBFwUiQ/v682BBdHw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.187.31.159
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YpZflxNmtdo1PHGCRUIOlLQFgXQ=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A8E7585E49B01A64520051F8D38F499C8CB82645E3D146E6CA34378EAC684E69"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3715
Expires: Thu, 24 Nov 2022 08:08:42 GMT
Date: Thu, 24 Nov 2022 07:06:47 GMT
Connection: keep-alive

                                        
                                            GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"d9-636a6128-6561036;gz"
last-modified: Tue, 08 Nov 2022 14:01:12 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJl8tMCYy8dS5HdRqxcWLrWpJDiR8XEcUEjQ700yNYuTFibVKUikSCCF%2BKR9AnSWtagFfc%2FGUTKx3e9U2cJpzpZTvHQu8Z8FtfhaGh6hBvn%2FfWIE%2BTq5l3%2B%2BjaJi2n4Hlosus2hxew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a84071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   11405
Md5:    c7e875743b8f5206a6b1fc14844989b5
Sha1:   3fed977e21597cb45cde1f7efe28a5fe8507960a
Sha256: 88ba9776ac1c288e8058363658d3d53e914c4fff2bef152fc9b3bbed28b13b78
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"2bd8-636a612a-6560a91;gz"
last-modified: Tue, 08 Nov 2022 14:01:14 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgW5hKZrwhN2F9a9xKIC7Gt8Chqp9aOs7GI3yFn4PrpZRaoMPcPTS6JjQGLrIS0jbi1SJ4ioT5X7tPPElEztHtTJ2CirIz12igwts1fmIzIhK9y0YXDCvRl%2BfzBMF6s4TGiADw5zDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a88071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   16254
Md5:    d6b0cc0e37ff036c2e27fb163d111095
Sha1:   99499045a2ba0f9b24838c37c958d4f6705096fd
Sha256: 57d998e638067ddce287de9c4df77ada9acfe1c8cbe686e3097bdf92c07f5519

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"15e54-636a612a-65611c4;gz"
last-modified: Tue, 08 Nov 2022 14:01:14 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bEHHDhDG4HNmZ0HWXqSRbki%2F5KuHPWz6fOKSRxrNuh%2F9RoypYmdlfmqUN3waIu1NZHd55pog7BJ8Mfunlk9rEA090QhFvYeodXVpwurbCQE%2F8NwDeaK%2Bm8%2BR8bBX2HDgLOJSysLjqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a87071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   41092
Md5:    635416672f0e926196cb47117845d0c5
Sha1:   8aefe4cd72047635f99e8913a3cd3073b3f95b5b
Sha256: 9de095d77c7b6de0468de53f49ae55676ae1019ec40fa29258cb1bd2d5aaa744
                                        
                                            GET /wp-content/plugins/bet-landers/media/prize.svg HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"4f41-5f96893d-6560656;gz"
last-modified: Mon, 26 Oct 2020 08:30:53 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhBnH9Go5ZumiVs74%2BB73tt17NiKVsYYnxOe2ju3CTSF4khxgNWrmV2LypIplDbHfO6wePInIge5i9WQtZfM5N5eYUc2rJyrhJpdGjdUd6X5lUdtZgG2HKWV3E7hgj51ssKFNw7bSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a8a071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (20289), with no line terminators
Size:   83705
Md5:    c574606a85d38a3d261d1e7a6735667b
Sha1:   6e3c8212986d583b1e56fbb048c710a0498bfa38
Sha256: 54982595f3772931f020f7005bf2507e259206a60716cb8135b8204d82caeffd

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F433fbaf5-7c54-485b-af70-542e1e788832.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5070
x-amzn-requestid: d86d95ad-9b78-4047-82e7-04e83a97e330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEwViF1GIAMF_PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9423-10809ba1634776171cf79cb8;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:44:03 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8rbsN9OVJmneT9ov-Q7V4RB8DP5UWhhn-7cnukHiBpl06zmMM0zJTg==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:57:20 GMT
age: 32967
etag: "89accd230fba95fe0049678070817b36ead015fa"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5070
Md5:    0856fdb55f19f03a1bec38b3d6e0ac77
Sha1:   89accd230fba95fe0049678070817b36ead015fa
Sha256: 17c6e6f9bb8f4261fff2dc2a43ed994986418761624b8afead768e89927594f2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a9a0208-d5ae-4e15-bd4d-c5c19edf354e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5545
x-amzn-requestid: 215b9f9b-4941-4c13-a1d4-6fdc5b453fad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtEkIIAMF3gg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-27081b9e0dc1de6522299e4e;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SFO53-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xr183esurgfu-4jjQtCS5s_np_CtltrPx48zpq-NMwZbcGnAwTxtkg==
via: 1.1 68914922a694954838e87fc9b0aa10fe.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:52:56 GMT
age: 33231
etag: "c66fd3a955cd81ab93474fb1aabc4c19d5775bcc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5545
Md5:    1404c6b865808ea73ca5b2062fefecc0
Sha1:   c66fd3a955cd81ab93474fb1aabc4c19d5775bcc
Sha256: 0a92ca52eff8baa4ba43bdb29008c59bcd37c55e78ac657de25819e980ea8e96
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4027
Cache-Control: max-age=111649
Date: Thu, 24 Nov 2022 07:06:48 GMT
Etag: "637e196e-116"
Expires: Fri, 25 Nov 2022 14:07:37 GMT
Last-Modified: Wed, 23 Nov 2022 13:00:30 GMT
Server: ECS (amb/6B8B)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: status.thawte.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4739
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 07:06:48 GMT
Last-Modified: Thu, 24 Nov 2022 05:47:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /c/47915?sr=1845335 HTTP/1.1 
Host: ic.aff-handler.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         217.147.127.42
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Location: /UrlNotFound
Server:
X-AspNetMvc-Version: 4.0
Set-Cookie: uffiliate_click_47915_1845335_=uffiliate_click_47915_1845335_; expires=Sat, 24-Dec-2022 07:06:48 GMT; path=/; SameSite=None; Secure
srv: 1231321
Date: Thu, 24 Nov 2022 07:06:47 GMT
Content-Length: 129


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   129
Md5:    4c51c5ccce9f71352ad66a35479a97e6
Sha1:   417831ec4ab60d901e573bbbb8d1c940815d316c
Sha256: 8eb03dd62b3193636fac900a00c79a5413dcedcf66be0ce6ed27e058a8074e20
                                        
                                            GET /UrlNotFound HTTP/1.1 
Host: ic.aff-handler.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: uffiliate_click_47915_1845335_=uffiliate_click_47915_1845335_
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         217.147.127.42
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Server:
X-AspNetMvc-Version: 4.0
srv: 1231321
Date: Thu, 24 Nov 2022 07:06:47 GMT
Content-Length: 272


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   272
Md5:    34f8199dff341f0209257c27624feb5f
Sha1:   03313cd4c9446bfdec3e6b5fa82fd1fb644ae3b2
Sha256: 304fe67453252c7908465efdfbbf52995968d60636bcd3a382d0d0dbd9c7063d
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 24 Nov 2022 07:06:48 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 28 Nov 2022 04:32:09 GMT
ETag: "0222c5fe60d308df42592bab39ed2d2efd609620"
Last-Modified: Thu, 24 Nov 2022 04:32:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76f04dd3bbcab509-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    062dbb48badd28ab44360993f4fcecd0
Sha1:   0222c5fe60d308df42592bab39ed2d2efd609620
Sha256: a650be0d5c28f75fbf628ee2ba6b3f8a28559e2f81834f6972011a5a495530a3
                                        
                                            GET /C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c= HTTP/1.1 
Host: media.sia.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         40.127.232.184
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: //media.sia.com/C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=&AutoR=1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: CEK=a; expires=Wed, 22-Feb-2023 07:06:48 GMT; path=/; SameSite=None; Secure
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Nov 2022 07:06:48 GMT
X-Cnection: close
Content-Length: 225
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   225
Md5:    6b0d8e561788f121d4a3a4689510eb4f
Sha1:   16c9fa56df1cff7cac2970f9bad57316260da467
Sha256: 9174d61e1ffce96a75232004fe11870574c0bc1b39c9f48e25b625d84a286ed1
                                        
                                            GET /C.ashx?btag=a_11050b_2034c_&affid=7346&siteid=11050&adid=2034&c=&AutoR=1 HTTP/1.1 
Host: media.sia.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: CEK=a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         40.127.232.184
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: https://www.sportsinteraction.com/open-account/?prid=65736&btag=a_11050b_2034c_&siteid=11050
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
Set-Cookie: XYZ=3&1&148&oslo&oslo&norway&0&1&&98da6b53-4ac9-4cbd-9356-2dff93edd646&&a_11050b_2034&; expires=Wed, 22-Feb-2023 07:06:48 GMT; path=/; SameSite=None; Secure A_2034=a=2034&r=0&fv=0&lv=0&vc=0&fc=20221124&lc=20221124070648&cc=1; expires=Wed, 22-Feb-2023 07:06:48 GMT; path=/; SameSite=None; Secure PM_5=c=&s=11050&ad=2034&md=0&pm=5&d=20221124070648&ip=1532635802&r=0&ref=&RedirectParams=prid%3d65736%26btag%3da_11050b_2034c_%26siteid%3d11050; expires=Wed, 22-Feb-2023 07:06:48 GMT; path=/; SameSite=None; Secure CEK=a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; SameSite=None; Secure
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
Date: Thu, 24 Nov 2022 07:06:48 GMT
X-Cnection: close
Content-Length: 217
Vary: Accept-Encoding


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   217
Md5:    b968673786f981c6c354df3bda062b1a
Sha1:   80477e52e77ee190a1c5e3ec228bc519de43b540
Sha256: 4c91e1b511eaa6873cc62a00dfddce53931b331e4dcc7e78505ca37cbc65c9bb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3331
Cache-Control: max-age=155289
Date: Thu, 24 Nov 2022 07:06:48 GMT
Etag: "637ec69e-1d7"
Expires: Sat, 26 Nov 2022 02:14:57 GMT
Last-Modified: Thu, 24 Nov 2022 01:19:26 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 07:06:48 GMT
Etag: "637b509f-1d7"
Server: ECS (amb/6BB1)
Content-Length: 471

                                        
                                            GET /open-account/?prid=65736&btag=a_11050b_2034c_&siteid=11050 HTTP/1.1 
Host: www.sportsinteraction.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.18.20.10
HTTP/2 403 Forbidden
content-type: text/html; charset=UTF-8
                                        
date: Thu, 24 Nov 2022 07:06:49 GMT
cf-chl-bypass: 1
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
set-cookie: __cf_bm=fx71kjAvfn1TrmwSgr.0BsSDPybpQli4jg_P.X0bbcQ-1669273609-0-ASX+RW9HDsXFH/MUHH84QxS4m10PEGeR5rw1pQ70eX3ihLBrC4ecprfb7pAt+GmxK8Z+Wv7pHQzZVejrdyd0CNc=; path=/; expires=Thu, 24-Nov-22 07:36:49 GMT; domain=.sportsinteraction.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 76f04dd88a920b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2160)
Size:   5272
Md5:    5ed485bb49e65661563439d95cb51b14
Sha1:   a5626f12bcf1dadc94dc53766d747b207300c361
Sha256: b8d135988686970842a9a8ecbd68292bc0af360d06363d3738fedc697cef9912
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Date: Thu, 24 Nov 2022 07:06:49 GMT
Etag: "637b509f-1d7"
Last-Modified: Thu, 24 Nov 2022 07:06:49 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a16068e-5377-48a5-aaf5-19e46c86681d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11447
x-amzn-requestid: fb600f6e-d936-4255-b79f-528d9cb8e729
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYTEqyIAMFalg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-2bc3102e268ccdff7f960289;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: flF0yRgk5BMItKbudaEq7iQgLJcCHd6WNsvqFr1uDAvI_EKyVkc4_w==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 07:15:20 GMT
etag: "a67bdea6358146f7de38d6be37e9f69a8edd5f22"
age: 85894
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11447
Md5:    e091109c8f54cf23b221d8d0a35d6914
Sha1:   a67bdea6358146f7de38d6be37e9f69a8edd5f22
Sha256: 362dc1665e27a4307a7ce832019a6e5e3d8edb0d18db084e4dc9dd026ea68df4
                                        
                                            GET /landing/ca-en/ HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
link: <https://spinningwheel.online/wp-json/>; rel="https://api.w.org/", <https://spinningwheel.online/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json", <https://spinningwheel.online/?p=7>; rel=shortlink
vary: Accept-Encoding
x-litespeed-cache: hit
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9s39WVIqEiKGCKXqaJ3jdB9cbVOjeUSSYUMjxn8YqIoCkMqfPWC%2Fv8PSq%2B5jrW7V%2FoMtHzhsgg8qgYVDO6%2Fs1pqisxF%2B%2Bg4u48baN3cN54nyfWvZM9OKAkB3pnPsVhlK1QcTH7Xdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc37a0e071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1 
Host: spinningwheel.online
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.64.97.8
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"172a9-6374127e-6560911;gz"
last-modified: Tue, 15 Nov 2022 22:28:14 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VIjQ14T7PGv%2BPsaB9T5FAeqkjaTK2PI%2B5i2jvcHsbNHCbn4g6yWMoaNozr2ylyWaTomWTf80%2FMY3gWPDVOD%2BxWTgXC2cVXKgaU7berPhZ3AnEFdSPSGTT7T6miKPQtTg0hBiYRmqoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a83071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/blankslate/style.css?ver=6.1.1 HTTP/1.1
Host: spinningwheel.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
172.64.97.8
HTTP/2 200 OK
content-type: text/css
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"1039-636a6cc3-65a00d4;gz"
last-modified: Tue, 08 Nov 2022 14:50:43 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hOIBGFsJ%2FOl5Z%2FIJM9zUPahwdzWQGlYoblTR5rxKOoH85EA9C2mNYgMN%2FsiJlR7Yqee7obvSpLcGdSEVkPYp6P8luoX8hlxpi%2BDFToFTqE4ev1%2BYYLOJBQy1WezPQa9z1sk3m%2BvSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a86071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /wp-content/plugins/bet-landers/assets/css/bet-landers-spin.css?ver=6.1.1 HTTP/1.1
Host: spinningwheel.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
172.64.97.8
HTTP/2 200 OK
content-type: text/css
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"333c-5f96ce3e-6560501;gz"
last-modified: Mon, 26 Oct 2020 13:25:18 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sxgmHjLDtkXJq%2BAmYeCQYE61Nt1%2FxP51rYlDLOBaKUdUkmjMVjCblH1SrI6R2CIgaQgbfIbiV3%2Fjzck4a2vmTLQ3BN5PPGu5UqLAtXnmFckW7DEBajmFWwrr8QWDClOUCoHtpfhCCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a85071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /wp-content/plugins/bet-landers/assets/js/bet-landers-spin.js HTTP/1.1
Host: spinningwheel.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
172.64.97.8
HTTP/2 200 OK
content-type: application/x-javascript
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"92a-5f96c873-6560503;gz"
last-modified: Mon, 26 Oct 2020 13:00:35 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zXLHJfoSErY3wV9UFTITsRfGPbv%2BihLFhUtXBEnKoqz9IcjcG%2BZSgegf41%2B0ktc6D2Av8gaUxt%2BGqHqYVh5btcpjxn7dRnccxH2kovNPxqEQxlEt%2BEIxu%2BbJSuOjbcxaOBIQJfdEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc44a8e071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
104.18.225.52
HTTP/2 200 OK
content-type: application/javascript
date: Thu, 24 Nov 2022 07:06:45 GMT
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3353
expires: Sun, 27 Nov 2022 07:06:45 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 76f04dc46b05b515-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /wp-content/plugins/bet-landers/assets/js/bet-landers-platform.js HTTP/1.1
Host: spinningwheel.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spinningwheel.online/landing/ca-en/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
172.64.97.8
HTTP/2 200 OK
content-type: application/x-javascript
date: Thu, 24 Nov 2022 07:06:45 GMT
cache-control: public, max-age=43200
expires: Wed, 23 Nov 2022 05:21:39 GMT
etag: W/"a64c-5fbbba18-6560502;gz"
last-modified: Mon, 23 Nov 2020 13:33:12 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1846
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sGdEXNSiwCDLOXe1a7yBqWycbsem7Prhs8PCRSCYVu9NWDjTBtVDSznaVWSNjDnxf5P8sVoiUXVW82Qmyxv1F4caDrctPYZ7veNUYw2oClg1pcVhUCJGRMudjhBDCgxZEz5brlNLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76f04dc43a8c071a-LHR
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware