Overview

URL slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655
IP 172.67.134.39
ASN CLOUDFLARENET
Location United States
Report completed 2022-10-02 17:00:06 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-02 2 slotbusterscasino.com/ca/aweber/lp1/main_script.js Phishing
2022-10-02 2 slotbusterscasino.com/ca/aweber/lp1/coin.mp3 Phishing
2022-10-02 2 slotbusterscasino.com/ca/aweber/lp1/sound.mp3 Phishing
2022-10-02 2 slotbusterscasino.com/ca/aweber/lp1/coin.mp3 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-02 2 unphionetor.com Sinkholed
2022-10-02 2 unphionetor.com Sinkholed
2022-10-02 2 unphionetor.com Sinkholed


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS my.rtmark.net (2) 9054 2017-08-22 14:11:49 UTC 2022-10-02 11:43:59 UTC 139.45.195.8
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-02 10:20:02 UTC 52.35.167.249
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-10-02 05:30:03 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-02 08:03:17 UTC 18.165.201.80
mnemonic passive DNS slotbusterscasino.com (14) 0 2022-07-19 14:55:26 UTC 2022-10-02 11:00:44 UTC 104.21.6.14 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-02 04:45:21 UTC 34.117.237.239
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-10-02 07:22:57 UTC 172.64.155.188
mnemonic passive DNS code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-10-02 05:26:46 UTC 69.16.175.42
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-10-02 05:33:45 UTC 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-02 05:00:42 UTC 108.156.28.39
mnemonic passive DNS propeller-tracking.com (2) 187053 2020-04-16 08:57:14 UTC 2022-10-02 13:48:06 UTC 139.45.197.240
mnemonic passive DNS unphionetor.com (3) 54035 2022-02-11 12:53:49 UTC 2022-10-02 13:48:54 UTC 139.45.197.236
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-02 10:21:36 UTC 93.184.220.29


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.134.39

Date  UQ / IDS / BL  URL  IP
2022-11-30 12:45:14 +0000  0 - 0 - 12  slotbusterscasino.com/ca/aweber/lp4/index.html  172.67.134.39
2022-11-30 08:57:26 +0000  0 - 0 - 14  slotbusterscasino.com/ca/aweber/lp4/index.html  172.67.134.39
2022-11-30 06:57:48 +0000  0 - 0 - 6  slotbusterscasino.com/ca/aweber/lp1/index.htm (...)  172.67.134.39
2022-11-29 06:57:39 +0000  0 - 0 - 14  slotbusterscasino.com/ca/aweber/lp2/index.htm (...)  172.67.134.39
2022-11-25 06:57:42 +0000  0 - 0 - 7  slotbusterscasino.com/ca/aweber/lp1/index.htm (...)  172.67.134.39

Last 5 reports on ASN: CLOUDFLARENET

Date  UQ / IDS / BL  URL  IP
2022-12-07 03:00:51 +0000  0 - 0 - 1  pornzog.com/http:/pornzog.com/video/7329599/s (...)  172.64.175.16
2022-12-07 02:59:50 +0000  0 - 0 - 4  pornzog.com/http:/pornzog.com/embed.php?id=7864397  172.64.175.16
2022-12-07 02:59:49 +0000  0 - 0 - 5  pornzog.com/http:/pornzog.com/video/8605838/s (...)  172.64.174.16
2022-12-07 02:59:45 +0000  0 - 0 - 4  pornzog.com/http:/pornzog.com/video/7864397/j (...)  172.64.175.16
2022-12-07 02:53:28 +0000  0 - 0 - 5  sxyprn.net/post/638ef43407638  104.21.235.6

Last 5 reports on domain: slotbusterscasino.com

Date  UQ / IDS / BL  URL  IP
2022-11-30 12:45:14 +0000  0 - 0 - 12  slotbusterscasino.com/ca/aweber/lp4/index.html  172.67.134.39
2022-11-30 08:57:26 +0000  0 - 0 - 14  slotbusterscasino.com/ca/aweber/lp4/index.html  172.67.134.39
2022-11-30 06:57:48 +0000  0 - 0 - 6  slotbusterscasino.com/ca/aweber/lp1/index.htm (...)  172.67.134.39
2022-11-29 08:56:59 +0000  0 - 0 - 8  slotbusterscasino.com/ca/aweber/lp1/index.html  104.21.6.14
2022-11-29 06:57:39 +0000  0 - 0 - 14  slotbusterscasino.com/ca/aweber/lp2/index.htm (...)  172.67.134.39

Last 5 reports with similar screenshot

Date  UQ / IDS / BL  URL  IP
2022-11-30 06:57:48 +0000  0 - 0 - 6  slotbusterscasino.com/ca/aweber/lp1/index.htm (...)  172.67.134.39
2022-11-29 08:56:59 +0000  0 - 0 - 8  slotbusterscasino.com/ca/aweber/lp1/index.html  104.21.6.14
2022-11-28 08:56:29 +0000  0 - 0 - 8  slotbusterscasino.com/ca/aweber/lp1/index.html  104.21.6.14
2022-11-25 06:57:42 +0000  0 - 0 - 7  slotbusterscasino.com/ca/aweber/lp1/index.htm (...)  172.67.134.39
2022-11-23 10:58:21 +0000  0 - 0 - 2  track.tracktilldeath.club/5ceac543-972d-48f9- (...)  18.192.108.151


JavaScript

Executed Scripts (15)


Executed Evals (1)

#1 JavaScript::Eval (size: 80, repeated: 1) - SHA256: 344dd1c47b0c68eb8ac3a4f626292956353d820b36aabdabf0096adbf2ab91b4

(() => {
    const a = async function name() {};
    window['tzbl5v7prk8'] = true;
})()
                                    

Executed Writes (0)



HTTP Transactions (43)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 16:03:11 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0f9abff0779787e38b3d83ae17ff6224.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ghD3C91GkN7ITVqNCul_V6hVTLWkVOFBMp0JtFs9MEI7xhjbf5ce0Q==
Age: 3403


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655 HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sun, 02 Oct 2022 16:59:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Jun 2022 17:04:12 GMT
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6b7LVzwD6h0HLSUasy3f8Hgkn4qG%2BUp6%2BnMPGx1uVjWVQI3Cb8vhQFm3kT%2Fd485S2vvaKlSZFOPAs55MwYXD7VYDPzWrpEf%2FZsCvInJUN5HRqla%2F%2FLUC7WsE%2BKr%2BcHXUBG8%2B5OC868%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc3dccfb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size:   2652
Md5:    7ab42dc14a23ebdb033db47e49266f31
Sha1:   292b98dcaa3d8e358aa28d66d88997b5cd7f511d
Sha256: 79ef5d5a5d891ab809aa9f44878c9ceee47b8b8cd7953210dd61693c67ddd8ee
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4026
Expires: Sun, 02 Oct 2022 18:07:01 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.156.28.39
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 59970c86d3717db509a968eaad0da4de.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: G563eneqzxCbYFb_OTXF0wPTxHv12ykxH5wgi3fF89ZwEnUvQlJEBQ==
age: 48399
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 20:32:15 GMT
Expires: Sat, 08 Oct 2022 20:32:14 GMT
Etag: "e7160d8ac9cb818ae5eb7c86b177e450055dab0e"
Cache-Control: max-age=530538,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc67ce9b505-OSL

                                        
                                            GET /jquery-2.2.4.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 02 Oct 2022 16:59:55 GMT
content-encoding: gzip
content-length: 29811
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664729995.dop213.sk1.t,1664729995.cds227.sk1.hn,1664729995.cds214.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29811
Md5:    82885772205f23cd59e25a221521b059
Sha1:   96ed36f45544295f28df1ab251e7e38faceeff0e
Sha256: 8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
                                        
                                            GET /ca/aweber/lp1/style.css HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 6972
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "9ab2-5c83ff9a1017b-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zI8n1F0%2Buji3qHnPa8NQClmNCacLJZne32N6sYQmTyet38%2Bnvk5j8mYDZimUYq0dcpgh2ITTbID%2B7a9GFkJkAWvY10c7lrjBzWL7rcnHgf2WWanf3lH99pbCzApW6ypCQBm5hSDPmhE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc79adfb4eb-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  CSV text\012- , ASCII text, with CRLF line terminators
Size:   6972
Md5:    ff862bbe0360547373b7e8248687cced
Sha1:   5155e65bb77155d161e652e8ef6ce32964405a14
Sha256: 2687d4a4f4980c569e528017b3dc23a303aaeb296700cc05b7321a0bfe05ec66
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:25:21 GMT
Expires: Thu, 06 Oct 2022 18:25:20 GMT
Etag: "dc78dc227b42d1d4967d64c81374693440bf3f4f"
Cache-Control: max-age=350124,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753efdc81f8ab505-OSL

                                        
                                            GET /ca/aweber/lp1/main_script.js HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 311
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "3d7-5c83ff9a8835c-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDTgTkCFa0Ef0SYl%2FOGjg2fWCRcpEPQ6dL4cWW9RPz5s61d8hiriSpdc7krIFUUaEUStI0H9lsC%2FjF8Ek4u6osM0OngeBztOwZFVAWgQgOlXASwoWzhO0JrIX3fCACuKyYxxzHFJsXM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc7a81bb527-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   311
Md5:    1d7c74d5c34b4eb5ebfc8074cf35dc74
Sha1:   4be502b35ed9eb4b6e99cb203e207d8e4c0445c4
Sha256: acea34dfebc08b7e37dcf8448b95d8a5495313c45bb04f5f5b4945939a076314

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /p.js?f=sync&lr=1&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   697
Md5:    1d1522de413d0b27a43e7be4efeb0405
Sha1:   58c52eec6da93a26b374308e6189b8af139624f7
Sha256: d9b7a5a22d87f08fbcb41ab49b3494cf35afa659a2b143800bfab1c62b07b193
                                        
                                            GET /fv.js?t=90679 HTTP/1.1 
Host: propeller-tracking.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.240
HTTP/2 200 OK
content-type: text/javascript; charset=utf8
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0a1c75dab39046322b65751914851914
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   42210
Md5:    10b179fe1e50f8a0d9f5cac44a1641c9
Sha1:   1cc7617fba67b62229e670ba62440ca83005db35
Sha256: 8fd2ea2c88af26205ee3920b824a3500f4e4f3fd19de638e1180c3e60555ad0b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A02D6FEF62BA6464204A25042119224783F8C6EB056BE210F432F974CFE95917"
Last-Modified: Fri, 30 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8593
Expires: Sun, 02 Oct 2022 19:23:08 GMT
Date: Sun, 02 Oct 2022 16:59:55 GMT
Connection: keep-alive

                                        
                                            GET /fv.js?t=90679 HTTP/1.1 
Host: propeller-tracking.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.240
HTTP/2 200 OK
content-type: text/javascript; charset=utf8
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 376f2152eb7a08cceae5331f5c8ee902
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   28927
Md5:    0d11a272a9a7d3a83fbab33c7de85352
Sha1:   ba5250d316e1a5adb57bb276210fe6df39289c18
Sha256: 63c91729645d88c09a9356fb7eb888c951c6f25eac98ecc76ff3a222cec7335a
                                        
                                            GET /ca/aweber/lp1/cashhc.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 31615
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "7b7f-5c83ff9abdebc"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39hia5S3bOweLrNW7b4sB4N9XaTm2%2BYvzsbtRSDZ34Le%2FUA57nPqvKJ1AkWHeYnsz5gnbdFYS5jNvvw4MaU85h%2FeCPvchNMSqV9iEbpMa6cS4YYOv%2Bu8J5GBlPsEXXg6dpp0btJsyNU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85c1eb4eb-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 363 x 284, 8-bit/color RGBA, non-interlaced\012- data
Size:   31615
Md5:    6c52de939909399530fe68c55d5d6c92
Sha1:   4c7b5a3461347694c6f8076c6a3192896909426b
Sha256: ef9623401696a4c11151defd6e88c23175f831447eab99b2b49ef9501884e0a6
                                        
                                            GET /ca/aweber/lp1/5e67f0a6ca01e_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 13376
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "3440-5c83ff98693da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72ZjxpZe83URg9PRNr6JMHaLcJqUzhk9VKSQ3NTUcOXh2bdhrjxPRNrgPatYARlS970K5UYQh6uRd6i6x1qstsY50NIB3sYLZspduxF%2Fq0U6DhrLO2QA%2BcZzZoeDOgzE56hBLRvyh1I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85bacb4f4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 268 x 126, 8-bit/color RGBA, non-interlaced\012- data
Size:   13376
Md5:    4e9495005c85cc7cfbda4466110e48a8
Sha1:   3f6879faa94d4c3a767d4350a3cac329e433854e
Sha256: ea2f092d35c2e705e0018963035cd06b13c9dc20dd892c0c011ee0473a05cd1a
                                        
                                            GET /ca/aweber/lp1/5e67f0a828b4f_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 46237
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "b49d-5c83ff9997f9b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SuFWy5HR6U8O25o35pfJrsmQkt6UOjiiHpqtMtoDICxxngukq4%2BDQEk0dq2PHEaW00jl7R3K1UDQIOAlUK9i%2BJi49W2F%2Bp0dYHYgZJKUF%2Bf4rvnGrCi4fVL2FH0BjmUyc6lPhYqj2IM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc85b571c16-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 277 x 558, 8-bit colormap, non-interlaced\012- data
Size:   46237
Md5:    cf230c7057040526271ef730a4f2c538
Sha1:   0cd0c1e88e60ad9ce4a70df1ba80c3c8879cda01
Sha256: 5d2d98590f2a25919b105a484458d20e03298c4369d5f1be42b03e76799fb61c
                                        
                                            GET /vctx?t=90679 HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:55 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 3afdfc4e3e18c187a6f0bd774d91363a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ca/aweber/lp1/5e67f0a6b4533_v.jpg HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 53443
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "d0c3-5c83ff992f7bb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RRqp94%2BIIqcQ8NeLDdeccM3YuQstRp4XTMDH73Y%2BAZUpXxmJT5yWUm8fSyI2C4YDqVSDGMRkiZygYbabEYXzn4gWqhBK%2ByYuJsEQu3ViejUK%2FkHWTuoLEPeCw%2BzLzpkOMIqe4T%2B2cBo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc8794bb527-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3\012- data
Size:   53443
Md5:    88d7f03fd819c7aefcdb1074bb7990fa
Sha1:   882217405770ad036505e193943f34947fbafa48
Sha256: c3a48888af05fd6567be6d09d13fa63fad286297bf9cd027718c7a7e355ad9ae
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 16:32:56 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 16:54:57 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5059e7bd12388ef6673ed156d17eb756.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ec6-C1-0G6y-Q-w9qhhl0sCfAGsnVWfJmgM9TTX2S49MXTlueQ3inA==
Age: 1622


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /ca/aweber/lp1/5e67f0a655940_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 76995
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "12cc3-5c83ff99633db"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAiO8ZTTwNkI7xWE52Ai0tHJjmcjX4jacVaoz5fvGfeUKGKUyDSGatWTvKgkC005gxgOvL0MgPyRjlsXjQz%2BV50IghwIo2hPmfmy%2BOVsiFUa3DVSpcZjSZqHDWZoarOafy2iZXTq0nM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc91f38b51e-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 857 x 204, 8-bit/color RGBA, non-interlaced\012- data
Size:   76995
Md5:    22d35d6ee41512539e529961fd51f26b
Sha1:   fc8a8a521b4bbbb50871f7439effa916fa1e5a2b
Sha256: ea18bede2d858dc8467bdc98c7fc9d751d1e1309476a5d5c81f0db96b66c505d
                                        
                                            GET /ca/aweber/lp1/5e67f0a83ba89_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 7401
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:20 GMT
ETag: "1ce9-5c83ff9a3ef7b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeW4yUBwjBjHphMOg4%2FjKjdQPts1hLVKH9AV3acvFisJ6xZTfFngXd70emQK3p8WFf6HiVFU5vsYTzaPBonStSa0GuVQ9jMjzt4owH4R91axf3d7p%2Ftwbi50RJUrxKtXWxe2QazoNfU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92cc4b4f4-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 426 x 137, 8-bit colormap, non-interlaced\012- data
Size:   7401
Md5:    9e245319753e82681922d644b1983d8e
Sha1:   6ddbf0b42027c06e4bcee68a9bb1019fcaf943aa
Sha256: 2c9bcdd3153da3c92abc1b4403b50e4f911dd27f401aff620a717ad1a0d78667
                                        
                                            GET /ca/aweber/lp1/5e67f0a6ef344_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/style.css

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 6484
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "1954-5c83ff98981da"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2mcJ3%2FWJvVYmCcKaPtS4fTBIqANql1EpOb%2BVuNZmBHFfesa%2FDgZ98TTbKaxCm7TIqL5y6p8Z2xBx5LJcho%2FKSEcyoZY42bHqQOzcunD7%2B00K9PmMZiIoxZ5Fs7uodx625Fnmz0rd94%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc92d3eb4eb-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 185 x 183, 8-bit colormap, non-interlaced\012- data
Size:   6484
Md5:    7816622da7fe6bb9b083251c85101dd1
Sha1:   eaa0af79fe084abb6b208d7694b04cf3784e80d0
Sha256: 1da0f0bfc01d6e5ed9d6dfb1ea07c9afb9100cf1a2be7879672059a7dd35c437
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2832
Cache-Control: 'max-age=158059'
Date: Sun, 02 Oct 2022 16:59:55 GMT
Last-Modified: Sun, 02 Oct 2022 16:12:43 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ca/aweber/lp1/5e67f0a4b11b9_v.png HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html?cid=w3t8gjpfmjjhjvej215kc95m&camp_id=5ceac543-972d-48f9-8bab-3bf7f5e25c50&campaign.name=Email%20Collection%20Canada%20Push%2024th%20August&lander.name=AWeber%20Lander%201&trafficsource.name=PropellerAds%20Pop&zone=&banner=&cep=bEyNu6DXeYY-60W1mgP1L7O5HzjhoWl17z1hTQQcv5QniGvdoaAtNBuVaRo44FwcRCOH75RvmE6MAxWC_xgJzrAcLs5QT95-8S2gm_kM9-lat5NqVs067xGVBXFZwI4Q-jteMgonlxpqaD50n4eJepC-h_aUIO3uPIob-dekMRmANmElfXsRq3U7GqGsK3RQM-L1QpXDeyvPp_MOnYNeEb6UKRDcljQeHX3qvQ3Bj0SzK355x4cXa9q5Oo6f17XDQF53kV04NXcYd1fQDkJ8Z6wu-I9zN7p6VV20OCn7HK6Dfx7o6Wh_HT2GataHdv2K7WTgqglwJjCQoZk9Vayq1dGtskO3SQcaH-n5taSfdSNu4KyUuVqDAaFQZYAM922r&lptoken=16ae6488694d58418655

                                         
                                         104.21.6.14
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 756748
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:18 GMT
ETag: "b8c0c-5c83ff980e6ba"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBIWPtKnYi5xZCJxhEVWD%2BTTg1ktrLT%2F6GPkddI%2BAzVSPwMaYt86gYMFI1BKpn3Ku6dubkwU%2BRdzLlVPWxVSPDiTf05fGzMc5zXz5Q%2F2IZ1Y5byytcbwTtE7DkCGvP3dv8tLkC78uUM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753efdc858f40afa-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 872 x 872, 8-bit/color RGBA, non-interlaced\012- data
Size:   756748
Md5:    3ef027366bb237fd9eb040ccad94198c
Sha1:   3e588f5915a38786a29e2e1b10cbf9df4e09004c
Sha256: 4836e6c4891318fd9b274ec2076d04d0f0df3460b9d7d051894c55fd5334c2e7
                                        
                                            GET /ca/aweber/lp1/coin.mp3 HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

                                         
                                         104.21.6.14
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTReLfKcWLZjk4XWL8EdNOVZ2NkPgZ1yRgi6OeaXTQmQRdJ2O%2BJt7%2F7ci2nXDOByCbKRIwg%2FzDOpx9ELM%2BWX57RlfTPVa5bmKeQXrdurdffQJfrdetQhxRTmpSfbLj22QOAHZZnqgD8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc99caa1c16-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Size:   22067
Md5:    c74dca6a3ab16c097234033fec7a8573
Sha1:   a6e73f993b73d589b9688a0679bdac39028017a0
Sha256: 79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ca/aweber/lp1/sound.mp3 HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

                                         
                                         104.21.6.14
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Sun, 02 Oct 2022 16:59:55 GMT
Content-Length: 48945
Connection: keep-alive
Last-Modified: Thu, 29 Jul 2021 09:46:19 GMT
ETag: "bf31-5c83ff99cbbbb"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Content-Range: bytes 0-48944/48945
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycwjgxdICRBiG%2FUq6WnUNhWcrs4XVvOjz8Ev1vcjuVSr3k8KTT3tSCrXB2kieBeHcKHmheYRFJUb1D0oA7bwAT72y7t568CTerUUGDhROQNU2L6ENn1xlbxULHoZ8XStUSAK31lUkJA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9ab5cb527-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Size:   48945
Md5:    277c43fdefb88a30fe36f33a148600f0
Sha1:   2bc68cf98b4b4902bc509c2b53af4baa7efe44d9
Sha256: 9eaa1694cf0be56df45f5424b8b314d45ed55e9ac372e5f0b05bf586e5d4552c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ca/aweber/lp1/coin.mp3 HTTP/1.1 
Host: slotbusterscasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://slotbusterscasino.com/ca/aweber/lp1/index.html

                                         
                                         104.21.6.14
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Date: Sun, 02 Oct 2022 16:59:56 GMT
Content-Length: 22067
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 19:29:55 GMT
ETag: "5633-5c8e90f728a62"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1
Content-Range: bytes 0-22066/22067
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soOWX0FsyWHsVN6By1dbxjWprYswZDhDQNxH7SwnMkFfOuqjQn%2BBDU21XpHHKacTHbUlQEZGH70LcyROmpIL6lmm%2BE0yxBfA8QmW7HXeAtBAwjbNOmtkMF1%2By03ANLAEiEhAWYM5lUY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 753efdc9d85bb51e-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2.5, 24 kbps, 11.025 kHz, Monaural\012- data
Size:   22067
Md5:    c74dca6a3ab16c097234033fec7a8573
Sha1:   a6e73f993b73d589b9688a0679bdac39028017a0
Sha256: 79e8f06f8cb25d13c57d798f7e068d282dd2dfdb026b54aacc8ead2641542a56

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /vbl?t=90679&bid=undefined&aid=undefined HTTP/1.1 
Host: unphionetor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
                                         139.45.197.236
HTTP/2 204 No Content
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 9aff2080fd9d5dc168317c8bbbad082b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iOSGIqjZz+pS0jP/erXuBA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.35.167.249
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oW6HE4dd7DSrMhqdbE8080vAXW8=

                                        
                                            GET /img.gif?f=sync&partner=74d44051bdf63891ec9a8cba30e46aed2367a03bc7dd2aa700e02f28bbdd2847&ttl=&rurl=http%3A%2F%2Fslotbusterscasino.com%2Fca%2Faweber%2Flp1%2Findex.html HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sun, 02 Oct 2022 16:59:56 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=5501dd5f3e5a4f3783efda6a170aaf7b; expires=Mon, 02 Oct 2023 16:59:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3168
Expires: Sun, 02 Oct 2022 17:52:45 GMT
Date: Sun, 02 Oct 2022 16:59:57 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:45 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
age: 68712
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4987
Md5:    463bdcfbec5426e18ecef83b1c373b71
Sha1:   2e533332ee5c49143e58dad32ee3717a39179532
Sha256: 2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8602
x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf9GxzoAMFg0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:38 GMT
age: 68779
etag: "5d3389a965cfa45dab2202d89b40264368674e8a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8602
Md5:    94d82ad8d70761f6ee1384b4183335f3
Sha1:   5d3389a965cfa45dab2202d89b40264368674e8a
Sha256: ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 44298
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 69154
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9340
Md5:    6047192460abf4afd600948abb5e6ee1
Sha1:   6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
Sha256: d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
age: 68782
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6871
Md5:    9dddb9d84a16a3004821d89836b83dc3
Sha1:   087521979efd5936416fd7f030779fa5725f0a8f
Sha256: a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
age: 68782
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11083
Md5:    edded48f558f739287a040151349ef67
Sha1:   d63b6ba630736d32c364b0e6a369274b2389b7ff
Sha256: 33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
                                        
POST /vbri?t=90679&bid=undefined&aid=undefined&tp=2465 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://slotbusterscasino.com
Connection: keep-alive
Referer: http://slotbusterscasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

                                         
139.45.197.236
HTTP/2 204 No Content
server: nginx
date: Sun, 02 Oct 2022 16:59:57 GMT
access-control-allow-origin: http://slotbusterscasino.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a8124286f5550d634a95ddced22cd4cd
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9012
x-amzn-requestid: 4ea2bfb1-fc99-4777-aa98-0605d4a704ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpmEBlIAMFj2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-039358f5691f895941f485fd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -zAvZvugUNsIscx7YT34xPY-AiaxduJGMkM23GqxSvfl0EmqWOmysA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:52:38 GMT
age: 68846
etag: "b3cb36455b3cb0a160c705958add6c422a0a48a2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9012
Md5:    b11c8ecfed53e302ab48fa5f757513a4
Sha1:   b3cb36455b3cb0a160c705958add6c422a0a48a2
Sha256: fb66239038dddd134d3c5c7a656c91c57737bc784fabefe15a5ef2981e68e2b0
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "988E40422D6903CB69AF1B0D475F4F8383660C21B85E1A87EC5D6814A67EC327"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6550
Expires: Sun, 02 Oct 2022 18:49:14 GMT
Date: Sun, 02 Oct 2022 17:00:04 GMT
Connection: keep-alive